Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2020-03-31T19:05:13

Updated: 2024-08-04T09:18:03.074Z

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-7009

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-31T19:15:14.447

Modified: 2024-11-21T05:36:29.090

Link: CVE-2020-7009

cve-icon Redhat

Severity : Important

Publid Date: 2020-03-31T00:00:00Z

Links: CVE-2020-7009 - Bugzilla