CVE-2021-22146

HIGH

Elastic Cloud Enterprise - Info Disclosure

Title source: llm

Description

All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.

Exploits (2)

exploitdb WORKING POC
by Joan Martinez · python · webapps · multiple
https://www.exploit-db.com/exploits/50152
nomisec WORKING POC 3 stars
by magichk · poc
https://github.com/magichk/cve-2021-22146

Scores

CVSS v3 7.5
EPSS 0.2990
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
elastic/elasticsearch 7.13.3
Published Jul 21, 2021
Tracked Since Feb 18, 2026