Elastic · Elasticsearch · CVE-2021-22145
Name of the Vulnerable Software and Affected Versions:
Elasticsearch versions 7.10.0 through 7.13.3
Description:
A memory disclosure issue was identified in error reporting, allowing a user who can submit arbitrary queries to potentially retrieve sensitive information, including Elasticsearch documents or authentication details, by submitting a malformed query that results in an error message containing previously used portions of a data buffer.
Recommendations:
For Elasticsearch versions 7.10.0 through 7.13.3, update to a version that contains a fix for this issue to prevent potential exploitation.
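Added example (not part of the original advisory or Elastic's code): a check that flags cluster nodes whose reported version falls in the affected range stated above. It assumes the input is the JSON body of a `GET /_nodes` response; the sample response and node names are constructed, and pre-release suffixes such as `-SNAPSHOT` are conservatively treated as the base version.

```python
import json
import re

# Affected range as stated in this advisory (inclusive on both ends).
AFFECTED_MIN = (7, 10, 0)
AFFECTED_MAX = (7, 13, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch); suffixes such as -SNAPSHOT are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True if the version lies within 7.10.0 through 7.13.3."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def affected_nodes(nodes_info_json):
    """Map node name -> version for nodes in the affected range.

    Nodes with a missing or unparseable version are reported as
    'unknown:<value>' so they are reviewed by hand, not assumed safe.
    """
    nodes = json.loads(nodes_info_json).get("nodes", {})
    findings = {}
    for node_id, info in nodes.items():
        name = info.get("name", node_id)
        version = info.get("version", "")
        try:
            if is_affected(version):
                findings[name] = version
        except ValueError:
            findings[name] = f"unknown:{version}"
    return findings

# Constructed sample shaped like a GET /_nodes response (names are made up).
SAMPLE = json.dumps({"nodes": {
    "a1": {"name": "es-data-1", "version": "7.13.3"},
    "b2": {"name": "es-data-2", "version": "7.13.4"},
    "c3": {"name": "es-master-1", "version": "7.10.0-SNAPSHOT"},
    "d4": {"name": "es-old", "version": "7.9.3"},
    "e5": {"name": "es-odd", "version": ""},
}})

if __name__ == "__main__":
    for name, version in sorted(affected_nodes(SAMPLE).items()):
        print(f"{name}\t{version}")
```

Checking every node, not only the one answering the request, matters during rolling upgrades, when a cluster can run mixed versions.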