CVE-2021-28938
Published Apr 13, 2021
Last updated 4 years ago
Overview
- Description
- Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query's privileges.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
"vulnerable": true,
"matchCriteriaId": "F3307B1C-19E2-40CA-86C2-C6E08DDCF860",
"versionEndExcluding": "6.8.14-10.3.9"
},
{
"criteria": "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
"vulnerable": true,
"matchCriteriaId": "897F620C-A917-44C1-87DE-F6313F963516",
"versionEndExcluding": "7.6.2-20.2",
"versionStartIncluding": "7.3.2-19.0"
},
{
"criteria": "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
"vulnerable": true,
"matchCriteriaId": "0AB5482B-5A53-4071-A6C8-1DF091BC0DA9",
"versionEndExcluding": "7.9.3-21.6",
"versionStartIncluding": "7.7.1-20.0"
},
{
"criteria": "cpe:2.3:a:siren:federate:*:*:*:*:*:elasticsearch:*:*",
"vulnerable": true,
"matchCriteriaId": "7B18A0F0-510E-46F5-BACE-EF8528ABF395",
"versionEndExcluding": "7.10.2-22.2",
"versionStartIncluding": "7.10.1-22.0"
}
],
"operator": "OR"
}
]
}
]