CVE-2021-22147 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-22147 Interim 1 10 2025-02-17T00:51:39Z current 2021-08-07T00:52:59Z 2025-02-17T00:51:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-22147 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 elasticsearch elasticsearch as a component of HPE Helion OpenStack 8 elasticsearch as a component of SUSE OpenStack Cloud 7 elasticsearch as a component of SUSE OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 9 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 8 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 9 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. CVE-2021-22147 HPE Helion OpenStack 8:elasticsearch SUSE OpenStack Cloud 7:elasticsearch SUSE OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 9:elasticsearch SUSE OpenStack Cloud Crowbar 8:elasticsearch SUSE OpenStack Cloud Crowbar 9:elasticsearch moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N