CVE-2021-22146
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
Public Exploits: 2
Exploited in Wild: -
Decision: -
Descriptions
All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-07-21 CVE Published
- 2021-07-26 First Exploit
- 2024-08-03 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (4)
URL | Tag | Date |
---|---|---|
https://security.netapp.com/advisory/ntap-20210819-0005 | Third Party Advisory | |
https://www.exploit-db.com/exploits/50152 | | 2021-07-26 |
http://packetstormsecurity.com/files/163655/Elasticsearch-ECE-7.13.3-Database-Disclosure.html | | 2024-08-03 |
https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180 | | 2022-07-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elastic | Elasticsearch | 7.13.3 | - | Affected |