Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistElasticCVELIST:CVE-2021-37940
HistoryDec 07, 2021 - 6:59 p.m.

CVE-2021-37940

2021-12-0718:59:29
CWE-918
elastic
www.cve.org
6
information disclosure
ghes integration
server-side request forgery
workplace search admin
publicly accessible hosts

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.

CNA Affected

[
  {
    "product": "Enterprisesearch",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "before 7.16.0"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
prion
prion
Server side request forgery (ssrf)
2021-12-07 19:15:00
nvd
nvd
CVE-2021-37940
2021-12-07 19:15:07
cve
cve
CVE-2021-37940
2021-12-07 19:15:07

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON
Related for CVELIST:CVE-2021-37940
prion1nvd1cve1