Lucene search

K
cvelistElasticCVELIST:CVE-2021-22147
HistorySep 15, 2021 - 11:36 a.m.

CVE-2021-22147

2021-09-1511:36:19
CWE-732
elastic
www.cve.org

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

CNA Affected

[
  {
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "versions 7.11.0 to 7.13.4"
      }
    ]
  }
]

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%