CVE-2021-22145: CVE-2021-22145

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22145

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Elastic 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Elastic是荷兰Elastic公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算，并支持通过HTTP使用JSON进行数据索引。 Elastic search 中存在安全漏洞。Elastic Elastic search 可能允许远程身份验证的攻击者获取敏感信息，这是由错误报告功能中的越界读取缺陷引起的。通过发送特制的查询，攻击者可以利用该漏洞从数据缓冲区中获取敏感信息，并利用这些信息对受影响的系统发起进一步的攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Elastic	Elasticsearch	7.10.0 ~ 7.13.3	-

II. Public POCs for CVE-2021-22145

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/niceeeeeeee/CVE-2021-22145-poc	POC Details
2	ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22145.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-22145

Please Login to view more intelligence information

https://gist.github.com/lucasdrufva/f9c5d7c9e26ee087b736d727953afd34technical-description
https://security.netapp.com/advisory/ntap-20210827-0006/x_refsource_CONFIRM
http://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-22145

IV. Related Vulnerabilities

Same product: Elasticsearch

Same vendor: Elastic

Same weakness: CWE-200

V. Comments for CVE-2021-22145

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-22145

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-22145

III. Intelligence Information for CVE-2021-22145

IV. Related Vulnerabilities

V. Comments for CVE-2021-22145

Leave a comment