Preface: 3350 companies reportedly use Elasticsearch in their tech stacks, including Uber, Shopify, and Udemy.
Background: Organizations can use big data analytics systems and software to make data-driven decisions that can improve business-related outcomes. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.
Remark: Elastic, the company behind Elasticsearch and Kibana, has made a change to their licensing. They’ve taken a unique approach to “doubling down on open”: customers can now choose between two non-open source licenses.
Vulnerability details: Flaws were found in Kibana and Elasticsearch versions before 7.11.2 and 6.8.15. They risk exposing sensitive information to an unauthorized person and unintentionally extending authenticated users' sessions. Details are shown below:
CVE-2021-22136 – https://nvd.nist.gov/vuln/detail/CVE-2021-22136
CVE-2021-22135 – https://nvd.nist.gov/vuln/detail/CVE-2021-22135