{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T07:03:09.284","vulnerabilities":[{"cve":{"id":"CVE-2021-22135","sourceIdentifier":"security@elastic.co","published":"2021-05-13T18:15:08.957","lastModified":"2024-11-21T05:49:34.430","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view."},{"lang":"es","value":"Elasticsearch versiones anteriores a 7.11.2 y 6.8.15, contienen un fallo en la divulgación de documentos que se encontró en la API suggester y profile de Elasticsearch cuando Document and Field Level Security está habilitada. La API suggester y profile normalmente están deshabilitadas para un índice cuando la seguridad a nivel de documento está habilitada en el índice. Determinadas consultas son capaces de habilitar el profiler y suggester, lo que podría conllevar a revelar la existencia de documentos y campos que el atacante no sería capaz de visualizar"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*","versionEndExcluding":"6.8.15","matchCriteriaId":"5F9FE5BF-96E1-47AF-A8DF-3836949E3BE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*","versionStartIncluding":"7.11.0","versionEndExcluding":"7.11.2","matchCriteriaId":"676FCEC5-9858-437A-A06F-9A6C08502E7E"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125","source":"security@elastic.co","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210625-0003/","source":"security@elastic.co","tags":["Third Party Advisory"]},{"url":"https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210625-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}