CVE-2021-22147

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Ссылки

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
Vendor Advisory
https://security.netapp.com/advisory/ntap-20211008-0002/
Third Party Advisory
https://www.elastic.co/community/security/
Vendor Advisory
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
Vendor Advisory
https://security.netapp.com/advisory/ntap-20211008-0002/
Third Party Advisory
https://www.elastic.co/community/security/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*

Версия от 7.11.0 (включая) до 7.14.0 (исключая)

EPSS

Процентиль: 54%

0.00314

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

CWE-862

Связанные уязвимости

CVE-2021-22147

CVSS3: 6.5

ubuntu

больше 4 лет назад

CVE-2021-22147

CVSS3: 5.7

redhat

больше 4 лет назад

CVE-2021-22147

CVSS3: 6.5

debian

больше 4 лет назад

Elasticsearch before 7.14.0 did not apply document and field level sec ...

GHSA-45h5-r968-5xr7

CVSS3: 6.5

github

больше 4 лет назад

Exposure of sensitive information in Elasticsearch

EPSS

Процентиль: 54%

0.00314

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

CWE-862