Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20211008-0002/ | Third Party Advisory |
https://www.elastic.co/community/security/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2021-09-15T11:36:19
Updated: 2021-10-08T14:06:33
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22147
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-15T12:15:08.917
Modified: 2022-11-04T18:27:17.933
Link: CVE-2021-22147
JSON object: View
Redhat Information
No data.