CVE-2021-22141

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22141

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22141.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22141

Downstream

SUSE-SU-2021:3729-1

SUSE-SU-2022:1654-1

Related

Published

2022-11-18T23:15:11.553Z

Modified

2026-02-16T05:07:43.092910Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1f62092a874cdc73ae87e6f8361ae2b6dc4a87f3

Introduced

b7e28a7232616c7a21bc879a535d801b8553ba77

Fixed

5ca8591c6fcdb1260ce95b08a8e023559635c6f3

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "function": "resolveIndicesAndAliases",
            "file": "x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "function_hash": "227216430068460033235308427492323478400",
            "length": 2935.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2021-22141-380249c2"
    },
    {
        "deprecated": false,
        "target": {
            "file": "server/src/main/java/org/elasticsearch/action/admin/indices/alias/get/TransportGetAliasesAction.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "line_hashes": [
                "55539977706972764223998020109119724887",
                "108866741272134427931983020897151238150",
                "329827430092600655194924251720352038283",
                "85338178055917574359418118532690349453",
                "313565538655456924766280144088592985868",
                "115626852840808190571223943133786180257",
                "194588236440361431816945964874334377311"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2021-22141-38eb1b31"
    },
    {
        "deprecated": false,
        "target": {
            "function": "masterOperation",
            "file": "server/src/main/java/org/elasticsearch/action/admin/indices/alias/get/TransportGetAliasesAction.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "function_hash": "268543545218217461850131332688807170407",
            "length": 491.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2021-22141-68f925ba"
    },
    {
        "deprecated": false,
        "target": {
            "file": "x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "line_hashes": [
                "74928895544089740689162400432413003952",
                "97561339387465302885684987238720635614",
                "44533704551911896204620084930598125429",
                "275049118129502138480443430981388358541"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2021-22141-71f9dbb1"
    },
    {
        "deprecated": false,
        "target": {
            "function": "isIndexVisible",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "function_hash": "247112587562710771113135290605449782032",
            "length": 1102.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2021-22141-7d559983"
    },
    {
        "deprecated": false,
        "target": {
            "function": "resolveIndexAbstractions",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "function_hash": "273230870683369765253352467588015177127",
            "length": 1373.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2021-22141-b1a8ffe7"
    },
    {
        "deprecated": false,
        "target": {
            "function": "isIndexVisible",
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "function_hash": "102021398784448359171462391403856401347",
            "length": 158.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2021-22141-b9073a4d"
    },
    {
        "deprecated": false,
        "target": {
            "file": "server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java"
        },
        "source": "https://github.com/elastic/elasticsearch/commit/5ca8591c6fcdb1260ce95b08a8e023559635c6f3",
        "digest": {
            "line_hashes": [
                "315583905025711201338257251550976430652",
                "162055396232869671782478615264078473955",
                "60127143269222727131888252790882248346",
                "117465318921854459789400838715394032978",
                "170756754679239683118032533315915259355",
                "134906571956213828407197490727364771243",
                "109669367423997211060033604053313673331",
                "40676066967639263533994094079349730991",
                "156226404375316730968696291449751363272",
                "98841195464491134889173032696595615713",
                "181914096864269137743629192678985626619",
                "151564147691626552071742565259854921797",
                "333686622301376325362460423106807652814",
                "141362554469059029444557007985627274672",
                "322716854967362460775656511697347633157",
                "257445524494417861409133682691751834861",
                "246965848769450748258097109991113816289",
                "213510124587421860425982392086712920913",
                "163386518199771855566380438249349316377",
                "122344896278602812722681119217318308435",
                "293555246667050077758058929476892999409",
                "191227080001206068144340340779451891136",
                "338221508279617582727204616913772286527",
                "294985612753226738409344034344247054434",
                "99428750193244029909347155815027104093",
                "150912233749050384828794130147314119871",
                "32450535925734433967500510116973595593",
                "55007076679500927438590671160792156802"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2021-22141-be2c9296"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22141.json"