Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-ELASTICSEARCH-2021-22146
HistoryMar 06, 2024 - 10:53 a.m.

BIT-elasticsearch-2021-22146

2024-03-0610:53:02
Google
osv.dev
5
elastic cloud enterprise
elasticsearch
default setting
permissions
attacker
deployed cluster

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.

CPENameOperatorVersion
elasticsearchle7.13.3
elasticsearchge7.13.3

Related

zdt 1
seebug 1
cvelist 1
githubexploit 1
packetstorm 1
cve 1
prion 1
osv 1
nvd 1
exploitdb 1
zdt
zdt
Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit
2021-07-26 00:00:00
seebug
seebug
Elasticsearch ECE 7.13.3信息泄露漏洞(CVE-2021-22146)
2021-07-30 00:00:00
cvelist
cvelist
CVE-2021-22146
2021-07-21 11:28:12
githubexploit
githubexploit
Exploit for CVE-2021-22146
2021-07-22 06:50:34
packetstorm
packetstorm
Elasticsearch ECE 7.13.3 Database Disclosure
2021-07-26 00:00:00
cve
cve
CVE-2021-22146
2021-07-21 15:15:14
prion
prion
Default credentials
2021-07-21 15:15:00
osv
osv
CVE-2021-22146
2021-07-21 15:15:14
nvd
nvd
CVE-2021-22146
2021-07-21 15:15:14
exploitdb
exploitdb
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
2021-07-26 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON
Related for OSV:BIT-ELASTICSEARCH-2021-22146
zdt1seebug1cvelist1githubexploit1packetstorm1cve1prion1osv1nvd1exploitdb1