CVE-2021-22147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22147

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22147.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22147

Aliases

Related

UBUNTU-CVE-2021-22147

Withdrawn

2024-05-08T06:50:52.807072Z

Published

2021-09-15T12:15:08Z

Modified

2023-12-06T00:45:49.008544Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

8ced7813d6f16d2ef30792e2fcde3e755795ee04

Fixed

dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1