Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/