{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T08:27:40.265","vulnerabilities":[{"cve":{"id":"CVE-2021-37940","sourceIdentifier":"security@elastic.co","published":"2021-12-07T19:15:07.493","lastModified":"2024-11-21T06:16:06.910","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible."},{"lang":"es","value":"Se ha detectado una vulnerabilidad de divulgación de información por medio de una petición GET de tipo server-side request forgery con la integración de Workplace Search Github Enterprise Server. Usando esta vulnerabilidad, un administrador malicioso de Workplace Search podría usar la integración de GHES para visualizar hosts que podrían no ser de acceso público"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*","versionEndExcluding":"7.16.0","matchCriteriaId":"DD288110-0D8E-4CB0-BBBC-C73892A3837D"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/enterprise-search-7-16-0-security-update/291146","source":"security@elastic.co","tags":["Vendor Advisory"]},{"url":"https://discuss.elastic.co/t/enterprise-search-7-16-0-security-update/291146","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}