CVE-2021-22147
MEDIUM6.5EPSS 0.31%Exposure of sensitive information in Elasticsearch
發布日:2021/9/20修改日:2024/2/17
描述
A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
受影響套件(2)
- Bitnami/elasticsearch>= 7.11.0, < 7.14.0
- Maven/org.elasticsearch:elasticsearch>= 7.11.0, < 7.14.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-22147
- WEBhttps://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- WEBhttps://security.netapp.com/advisory/ntap-20211008-0002
- WEBhttps://security.netapp.com/advisory/ntap-20211008-0002/
- WEBhttps://www.elastic.co/community/security
- WEBhttps://www.elastic.co/community/security/