CVE-2021-22146

Published: 21/07/2021 Updated: 12/07/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.

Vulnerable Product

elastic elasticsearch 7.13.3

Exploits

Elasticsearch ECE version 7.13.3 anonymous database dumping exploit ...

Github Repositories

cve-2021-22146: I found during an internal pentest a vulnerability on elastic ECE. Elasticdump is a PoC for CVE-2021-22146 to dump database from elastic ece from 7.10.0 to 7.13.3. www.exploit-db.com/exploits/50152 Collaborators: Mario Díaz Caldera