Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

https://security.netapp.com/advisory/ntap-20211008-0002/

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2022-34183 Vulnerability in maven package io.jenkins.plugins:agent-server-parameter

CVE-2022-25854 Vulnerability in npm package @yaireo/tagify

CVE-2023-45137 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-27820 Vulnerability in maven package org.zaproxy:zap

CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-core

Severity

High

Classification

CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory