Lucene search
ElasticCVELIST:CVE-2021-22137HistoryMay 13, 2021 - 5:35 p.m.
CVE-2021-22137
2021-05-1317:35:18
CWE-200
elastic
www.cve.org
9
elasticsearch
security flaw
document disclosure
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CNA Affected
[
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 7.11.2 and 6.8.15"
}
]
}
]Related
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
BIT-elasticsearch-2021-22137
2024-03-06 10:53:35
CVE-2021-22137
2021-05-13 18:15:09
nvd
nvd
CVE-2021-22137
2021-05-13 18:15:09
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
cve
cve
CVE-2021-22137
2021-05-13 18:15:09
redhatcve
redhatcve
CVE-2021-22137
2021-03-25 14:58:19
veracode
veracode
Information Disclosure
2021-05-17 07:46:38
ubuntucve
ubuntucve
CVE-2021-22137
2021-05-13 00:00:00
prion
prion
Design/Logic Flaw
2021-05-13 18:15:00
ibm
ibm
openvas
openvas
Elastic Elasticsearch Multiple Vulnerabilities (ESA-2021-06, ESA-2021-08)
2021-05-14 00:00:00
redhat
redhat