PT-2021-3748 · Elastic · Cloud Enterprise

Published: 2021-07-21 · Updated: 2024-03-06 · CVE-2021-22146

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Elastic Cloud Enterprise versions (affected versions not specified)

Description: The issue is related to the Elasticsearch “anonymous” user being enabled by default in deployed clusters. Although this user has no permissions and cannot query any Elasticsearch APIs by default, an attacker could potentially use it to gain insight into certain details of a deployed cluster. The vulnerability is associated with security configuration errors in the Elastic Cloud Enterprise platform, which could allow a remote attacker to access protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2021-04001
BIT-ELASTICSEARCH-2021-22146
CVE-2021-22146

Affected Products

Cloud Enterprise