Published: 13/05/2021 Updated: 04/11/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

In Elasticsearch versions prior to 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elastic elasticsearch

Synopsis Moderate: Red Hat Integration Camel Extensions for Quarkus 27 security update Type/Severity Security Advisory: Moderate Topic Red Hat Integration Camel Extensions for Quarkus 27 is now available The purpose of this text-only errata is to inform you about the security issues fixedRed Hat Product Security has rated this update as h ...

Synopsis Moderate: Red Hat Integration Camel-K 18 security update Type/Severity Security Advisory: Moderate Topic A minor version update is now available for Red Hat Integration Camel K The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as havi ...

A document disclosure flaw was found in Elasticsearch versions before 6815 and 7112 when Document or Field Level Security is used Search queries do not properly preserve security permissions when executing certain cross-cluster search queries This could result in the search disclosing the existence of documents the attacker should not be able ...

CWE-281 https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 https://security.netapp.com/advisory/ntap-20210625-0003/https://access.redhat.com/errata/RHSA-2022:5606 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-22137

CVE-2021-22137

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect