CVE-2021-22135

elasticsearch: Document disclosure flaw in the Elasticsearch suggester

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.

Elasticsearch versiones anteriores a 7.11.2 y 6.8.15, contienen un fallo en la divulgación de documentos que se encontró en la API suggester y profile de Elasticsearch cuando Document and Field Level Security está habilitada. La API suggester y profile normalmente están deshabilitadas para un índice cuando la seguridad a nivel de documento está habilitada en el índice. Determinadas consultas son capaces de habilitar el profiler y suggester, lo que podría conllevar a revelar la existencia de documentos y campos que el atacante no sería capaz de visualizar

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-05-13 CVE Published
2024-01-27 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20210625-0003	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125	2021-09-07
https://access.redhat.com/security/cve/CVE-2021-22135	2022-07-19
https://bugzilla.redhat.com/show_bug.cgi?id=1943184	2022-07-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elastic Search vendor "Elastic"		Elasticsearch Search vendor "Elastic" for product "Elasticsearch"				< 6.8.15 Search vendor "Elastic" for product "Elasticsearch" and version " < 6.8.15"		-		Affected
Elastic Search vendor "Elastic"		Elasticsearch Search vendor "Elastic" for product "Elasticsearch"				>= 7.11.0 < 7.11.2 Search vendor "Elastic" for product "Elasticsearch" and version " >= 7.11.0 < 7.11.2"		-		Affected