elasticsearch

Description: Distributed RESTful search engine built on top of Lucene
Version: 7.10.1-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1638 | 7.10.1-1 | | Medium | Vulnerable | FS#70137 |
| AVG-1455 | 7.10.1-1 | | Medium | Vulnerable | FS#70061 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-22145 | AVG-1638 | Medium | Yes | Information disclosure | A memory disclosure vulnerability was identified in Elasticsearch’s error reporting in versions 7.10.0 up to 7.13.3. A user with the ability to submit... |
| CVE-2021-22144 | AVG-1638 | Medium | Yes | Denial of service | An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser before versions 7.13.3... |
| CVE-2021-22137 | AVG-1638 | Medium | Yes | Information disclosure | A document disclosure flaw was found in Elasticsearch versions before 6.8.15 and 7.11.2 when Document or Field Level Security is used. Search queries do not... |
| CVE-2021-22135 | AVG-1638 | Medium | Yes | Information disclosure | In Elasticsearch versions before 7.11.2 and 6.8.15, a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and... |
| CVE-2021-22134 | AVG-1638 | Low | Yes | Information disclosure | A document disclosure flaw was found in Elasticsearch before version 7.11.0 when Document or Field Level Security is used. Get requests do not properly... |
| CVE-2021-22132 | AVG-1455 | Medium | Yes | Information disclosure | Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1884 | 7.10.1-1 | | Critical | Not affected | |
| AVG-912 | 6.6.0-1 | 6.6.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-22140 | AVG-1884 | Critical | Yes | XML external entity injection | An XML External Entity Injection issue (XXE) was found in the App Search web crawler beta feature. Using this vector, an attacker whose website is being... |
| CVE-2019-7611 | AVG-912 | High | Yes | Privilege escalation | A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 Feb 2019 | ASA-201902-27 | AVG-912 | High | Privilege escalation |