Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://www.elastic.co/community/security/
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/