VDB

CVE-2021-22135

CVE-2021-22135 PUBLISHED

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.

EPSS 0.15% · 35.7th percentile

Risk Scores

EPSS Score
0.15%
35.7th percentile

Affected Products

VendorProductVersions
Bitnamielasticsearch0, 7.11.0
Bitnamielasticsearch0, 7.11.0, 0

Timeline

  • May 13, 2021 CVE Published
  • May 14, 2021 EPSS Score
  • Jul 17, 2021 EPSS Score
  • Sep 16, 2021 EPSS Score
  • Nov 17, 2021 EPSS Score
  • Jan 17, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 20, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 21, 2022 EPSS Score
  • Jul 22, 2022 EPSS Score
  • Sep 22, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›