Description
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://security.netapp.com/advisory/ntap-20211008-0002/
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2020-14366 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2014-3666 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-22984 Vulnerability in npm package snyk-docker-plugin