← Volver a CVEs
CVE-2021-22137
MEDIUM5.3
Descripcion
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/13/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
elastic:elasticsearch
Debilidades (CWE)
CWE-200CWE-281
Referencias
https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125(security@elastic.co)
https://security.netapp.com/advisory/ntap-20210625-0003/(security@elastic.co)
https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210625-0003/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.