CVE-2021-22147 Vulnerability in maven package org.elasticsearch:elasticsearch

Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2018-1000145 Vulnerability in maven package org.jvnet.hudson.plugins:perforce

CVE-2022-43432 Vulnerability in maven package org.jenkins-ci.plugins:xframium

CVE-2021-25738 Vulnerability in maven package io.kubernetes:client-java-parent

CVE-2020-2257 Vulnerability in maven package org.jenkins-ci.plugins:validating-string-parameter

CVE-2018-1000012 Vulnerability in maven package org.jvnet.hudson.plugins:warnings

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N