Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://www.elastic.co/community/security/

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

Related Vulnerabilities

CVE-2022-29237 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl

CVE-2022-25852 Vulnerability in npm package pg-native

CVE-2022-39263 Vulnerability in npm package @next-auth/upstash-redis-adapter

CVE-2023-40347 Vulnerability in maven package org.jenkins-ci.plugins:maven-artifact-choicelistprovider

CVE-2018-3774 Vulnerability in maven package org.webjars.npm:url-parse

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory