Vulnerabilities > CVE-2021-22147 - Missing Authorization vulnerability in Elastic Elasticsearch
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Common Weakness Enumeration (CWE)
References
- https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
- https://security.netapp.com/advisory/ntap-20211008-0002/
- https://security.netapp.com/advisory/ntap-20211008-0002/
- https://www.elastic.co/community/security/
- https://www.elastic.co/community/security/