Candidate: CVE-2021-22134
PublicDate: 2021-03-08 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22134
Description:
 A document disclosure flaw was found in Elasticsearch versions after 7.6.0
 and before 7.11.0 when Document or Field Level Security is used. Get
 requests do not properly apply security permissions when executing a query
 against a recently updated document. This affects documents that have been
 updated and not yet refreshed in the index. This could result in the search
 disclosing the existence of documents and fields the attacker should not be
 able to view.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_elasticsearch:
upstream_elasticsearch: needs-triage
precise/esm_elasticsearch: DNE
trusty_elasticsearch: ignored (out of standard support)
trusty/esm_elasticsearch: DNE
xenial_elasticsearch: ignored (end of standard support, was needs-triage)
bionic_elasticsearch: DNE
focal_elasticsearch: DNE
groovy_elasticsearch: DNE
hirsute_elasticsearch: DNE
impish_elasticsearch: DNE
jammy_elasticsearch: DNE
devel_elasticsearch: DNE