Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook

CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth

CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6

CVE-2023-22893 Vulnerability in npm package @strapi/plugin-users-permissions

CVE-2023-23850 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory