CVE-2021-22147

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Published: Sep 15, 2021
Updated: May 9, 2024
CVE: CVE-2021-22147
GHSA: GHSA-45h5-r968-5xr7
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-732
CWE-862

Affected Software
References

Software	From	Fixed in
elastic / elasticsearch	7.11.0	7.14.0
org.elasticsearch / elasticsearch	7.11.0	7.14.0

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/

Vulnerability Database

289,599

CVE-2021-22147