Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-common

CVE-2016-6814 Vulnerability in maven package org.codehaus.groovy:groovy-all

CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

CVE-2021-21640 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-11764 Vulnerability in maven package org.apache.hadoop:hadoop-core

Severity

High

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory