4 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-22147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Elasticsearch (CVE-2021-22144, CVE-2021-22145, CVE-2021-22147)
Summary: IBM Security SOAR is using a component with known vulnerabilities - Elasticsearch CVE-2021-22144, CVE-2021-22145, CVE-2021-22147. Vulnerability Details: CVEID: CVE-2021-22144. DESCRIPTION: Elasticsearch is vulnerable to a denial of service, caused by an uncontrolled recursion vulnerability i...
cc.vihackerframework:vihacker-elasticsearch-starter (>=1.0.4.R <=1.0.8.R), cn.codeforfun:discovery-client-elasticsearch (>=1.0.2 <=1.0.5) +164 more potentially affected by CVE-2021-22147 via org.elasticsearch:elasticsearch (>=7.11.0 <=7.13.4)
org.elasticsearch:elasticsearch MAVEN version =7.11.0, =1.0.4.R, =1.0.2, =0.1.3-alpha, =0.1.3-alpha, =1.0.0-RELEASE, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.6.0, =1.2.0, =1.2.0, =1.8.3, =1.44.0-rc.5 and more. Source CVEs: CVE-2021-22147. Source advisory: OSV:GHSA-45H5-R968-5XR7...
CVE-2021-22147
CVE-2021-22147 affects Elasticsearch versions 7.11.0–7.13.4 where document and field level security is not applied to searchable snapshots, allowing an authenticated user to view information they are not authorized to see. The issue stems from a missing security enforcement in searchable snapshot...