CVE-2021-22147

{"id": "CVE-2021-22147", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-09-15T12:15:08.917", "references": [{"url": "https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://security.netapp.com/advisory/ntap-20211008-0002/", "tags": ["Third Party Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security/", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view."}, {"lang": "es", "value": "Elasticsearch versiones anteriores a 7.14.0, no aplicaba la seguridad a nivel de documento y de campo a las instant\u00e1neas con capacidad de b\u00fasqueda. Esto pod\u00eda conllevar a que un usuario autenticado consiguiera acceso a informaci\u00f3n que no estaba autorizado a visualizar"}], "lastModified": "2022-11-04T18:27:17.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A26A46C5-D497-476F-A7E9-128F5E625231", "versionEndExcluding": "7.14.0", "versionStartIncluding": "7.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}