Multiple vulnerabilities in Elasticsearch



Published: 2021-03-25 | Updated: 2022-10-19
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-22137
CVE-2021-22135
CWE-ID CWE-281
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Elasticsearch
Web applications / Other software

Vendor Elastic Stack

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Preservation of Permissions

EUVDB-ID: #VU51712

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22137

CWE-ID: CWE-281 - Improper preservation of permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to search queries do not properly preserve security permissions when executing certain cross-cluster search queries. A remote user can disclose existence of documents via search functionality, when Document or Field Level Security is used.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Elasticsearch: 6.0.0 - 7.11.1

External links

http://www.elastic.co/community/security#ESA-2021-08


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU51710

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22135

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. A remote user can perform certain queries to enable the profiler and suggester on index and disclose existence of documents and fields.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Elasticsearch: 6.0.0 - 7.11.1

External links

http://www.elastic.co/community/security#ESA-2021-06


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###