mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
72 lines
2.4 KiB
JSON
72 lines
2.4 KiB
JSON
{
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@elastic.co",
|
|
"ID": "CVE-2021-22147",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Elastic",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Elasticsearch",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "versions 7.11.0 to 7.13.4"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.elastic.co/community/security/",
|
|
"refsource": "MISC",
|
|
"name": "https://www.elastic.co/community/security/"
|
|
},
|
|
{
|
|
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344",
|
|
"refsource": "MISC",
|
|
"name": "https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20211008-0002/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20211008-0002/"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view."
|
|
}
|
|
]
|
|
}
|
|
} |