CVE-2021-22147: 
Java vulnerability analysis and mitigation

Elasticsearch versions prior to 7.14.0 contained a vulnerability where document and field level security was not properly applied to searchable snapshots. This vulnerability was identified as CVE-2021-22147 and was disclosed in August 2021. The vulnerability affected Elasticsearch versions from 7.11.0 to 7.13.4, potentially exposing sensitive information to authenticated users (Elastic Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue stems from a failure to apply document and field level security controls specifically in the context of searchable snapshots functionality. This vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

When successfully exploited, this vulnerability could allow an authenticated user to gain unauthorized access to information they should not be able to view. The vulnerability specifically impacts the confidentiality of data, with no direct impact on system integrity or availability (Elastic Advisory, NetApp Advisory).

Users who are using document or field level security with searchable snapshots should upgrade to Elasticsearch version 7.14.0 or later to address this vulnerability. No alternative workarounds have been provided (Elastic Advisory).