#VU51710 Security restrictions bypass in Elasticsearch
Vulnerability identifier: #VU51710
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Elasticsearch
Web applications /
Other software
Vendor: Elastic Stack
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. A remote user can perform certain queries to enable the profiler and suggester on index and disclose existence of documents and fields.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Elasticsearch: 7.11.0 - 7.11.1, 7.10.0 - 7.10.2, 7.9.0 - 7.9.3, 7.8.0 - 7.8.1, 7.7.0 - 7.7.1, 7.6.0 - 7.6.2, 7.5.0 - 7.5.2, 7.4.0 - 7.4.2, 7.3.0 - 7.3.2, 7.2.0 - 7.2.1, 7.0.0 - 7.0.1, 7.1.0 - 7.1.1, 6.8.0 - 6.8.14, 6.7.0 - 6.7.2, 6.5.0 - 6.5.4, 6.4.0 - 6.4.3, 6.3.0 - 6.3.2, 6.2.0 - 6.2.4, 6.1.0 - 6.1.4, 6.0.0 - 6.0.1, 6.6.0 - 6.6.2
External links
http://www.elastic.co/community/security#ESA-2021-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
