PT-2021-14870 · Elastic · Elasticsearch

Lucas Drufva

Published

2021-07-21

Updated

2025-07-08

CVE-2021-22145

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.10.0 through 7.13.3

Description: A memory disclosure issue was identified in error reporting, allowing a user who can submit arbitrary queries to potentially retrieve sensitive information, including Elasticsearch documents or authentication details, by submitting a malformed query that results in an error message containing previously used portions of a data buffer.

Recommendations: For Elasticsearch versions 7.10.0 through 7.13.3, update to a version that contains a fix for this issue to prevent potential exploitation.

Exploit

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-209

Related Identifiers

BIT-ELASTICSEARCH-2021-22145

CVE-2021-22145

GHSA-Q394-H7F5-7F44

GHSA-WF8F-6423-GFXG

Affected Products

Elasticsearch

PT-2021-14870 · Elastic · Elasticsearch

CVE-2021-22145

Weakness Enumeration

Related Identifiers

Affected Products

References · 24