CVE-2021-22147
First published: Wed Sep 15 2021(Updated: )
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Elasticsearch | >=7.11.0<7.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22147?
CVE-2021-22147 is a vulnerability in Elasticsearch versions before 7.14.0 that allowed an authenticated user to access unauthorized information in searchable snapshots.
How does CVE-2021-22147 impact Elasticsearch?
CVE-2021-22147 impacted Elasticsearch versions before 7.14.0 by not applying document and field level security to searchable snapshots.
What is the severity of CVE-2021-22147?
CVE-2021-22147 has a severity value of 6.5, which is considered medium.
What is the Common Weakness Enumeration (CWE) for CVE-2021-22147?
The CWE for CVE-2021-22147 is CWE-862 and CWE-732.
How can I fix CVE-2021-22147?
To fix CVE-2021-22147, you should update Elasticsearch to version 7.14.0 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/elastic
- canonical/elastic elasticsearch
- version/elastic elasticsearch/7.11.0