CVE-2021-22145
CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
Affected products
Elastic · Elasticsearchpublic PoCs found — 3
githubgithub.com/niceeeeeeee/CVE-2021-22145-poc★ 0cve_referencepacketstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50149unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.htmlhttps://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177https://gist.github.com/lucasdrufva/f9c5d7c9e26ee087b736d727953afd34https://security.netapp.com/advisory/ntap-20210827-0006/https://www.oracle.com/security-alerts/cpuapr2022.html