BIT-elasticsearch-2021-22147

BIT-elasticsearch-2021-22147 PUBLISHED CVSS 6.5 MEDIUM

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Bitnami	elasticsearch	7.11.0, 7.11.0, 7.11.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344 url
https://security.netapp.com/advisory/ntap-20211008-0002/ url
https://www.elastic.co/community/security/ url
https://nvd.nist.gov/vuln/detail/CVE-2021-22147 url

Open in Interactive Console →