Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2021-22160 Vulnerability in maven package org.apache.pulsar:pulsar-broker-common
CVE-2021-21174 Vulnerability in npm package electron
CVE-2017-17068 Vulnerability in npm package auth0-js
CVE-2020-15777 Vulnerability in maven package com.gradle:gradle-enterprise-maven-extension
CVE-2023-28674 Vulnerability in maven package org.jenkinsci.plugins:octoperf