CVE-2021-22146 - Unspecified vulnerability in Elastic Elasticsearch 7.13.3
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. Although in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://packetstormsecurity.com/files/163655/Elasticsearch-ECE-7.13.3-Database-Disclosure.html
- https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180
- https://security.netapp.com/advisory/ntap-20210819-0005/