AVG-1884

Package: elasticsearch
Status: Not affected
Severity: Critical
Type: multiple issues
Affected: 7.10.1-1
Fixed: Not affected
Current: 7.10.2-1 [community]
Ticket: None
Created: Tue Apr 27 19:39:29 2021

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22149 | High | Yes | Access restriction bypass | A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate... |
| CVE-2021-22148 | High | Yes | Access restriction bypass | A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were not bound to the same engines as their... |
| CVE-2021-22147 | Medium | Yes | Information disclosure | A flaw was discovered in Elasticsearch versions 7.11.0 to 7.13.4 where document and field level security was not applied to searchable snapshots. This could... |
| CVE-2021-22140 | Critical | Yes | Xml external entity injection | An XML External Entity Injection issue (XXE) was found in the App Search web crawler beta feature. Using this vector, an attacker whose website is being... |