What the vulnerability does

01Description

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Key dates

02Disclosure timeline

September 15, 2021 CVE published
August 3, 2024 Record updated