CVE-2021-22147 Vulnerability in maven package org.elasticsearch:elasticsearch

Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2019-2692 Vulnerability in maven package mysql:mysql-connector-java

CVE-2017-1000390 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-multijob-plugin

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2023-26487 Vulnerability in npm package vega-functions

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N