What is CVE-2021-22145?

CVE-2021-22145 is a vulnerability in Elastic Elasticsearch, classified under Information Disclosure. Published 2021-07-21.

Is CVE-2021-22145 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Elastic Elasticsearch

CVE-2021-22145

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message r…

Vulnerability class: Information Disclosure

EPSS: 0.679 (98.6th percentile) — read the EPSS interpretation.

Affected products

Elastic Elasticsearch — versions 7.10.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210827-0006/ (x_refsource_CONFIRM)
discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177 (x_refsource_MISC)
packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html (x_refsource_MISC)
gist.github.com/lucasdrufva/f9c5d7c9e26ee087b736d727953afd34 (technical-description)

Frequently asked questions

What is CVE-2021-22145?: CVE-2021-22145 is a vulnerability in Elastic Elasticsearch, classified under Information Disclosure. Published 2021-07-21.
Is CVE-2021-22145 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.