CVE-2021-22137

CVE-2021-22137

Vendor Elastic

Product Elasticsearch

Weakness CWE-200 · Info exposure

Published May 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

Key dates

02Disclosure timeline

May 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22137

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE