CVE-2020-7014 - Vulnerability Details

Vendors	Products
Elastic	Elasticsearch

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2020-7014
https://security.netapp.com/advisory/ntap-20200619-0003/
https://www.cve.org/CVERecord?id=CVE-2020-7014
https://www.elastic.co/community/security/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Elasticsearch", "vendor": "Elastic", "versions": [{"status": "affected", "version": "6.7.0 to 6.8.7 and 7.0.0 to 7.6.1"}]}], "descriptions": [{"lang": "en", "value": "The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-19T10:06:05", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.elastic.co/community/security/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200619-0003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7014", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elasticsearch", "version": {"version_data": [{"version_value": "6.7.0 to 6.8.7 and 7.0.0 to 7.6.1"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-266: Incorrect Privilege Assignment"}]}]}, "references": {"reference_data": [{"name": "https://www.elastic.co/community/security/", "refsource": "MISC", "url": "https://www.elastic.co/community/security/"}, {"name": "https://security.netapp.com/advisory/ntap-20200619-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200619-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:18:02.572Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.elastic.co/community/security/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200619-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2020-7014", "datePublished": "2020-06-03T17:55:44", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.572Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Elasticsearch (string)

vendor : Elastic (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-266 (string)

description : CWE-266: Incorrect Privilege Assignment (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-06-19T10:06:05 (string)

orgId : 271b6943-45a9-4f3a-ab4e-976f3fa05b5a (string)

shortName : elastic (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.elastic.co/community/security/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@elastic.co (string)

ID : CVE-2020-7014 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Elasticsearch (string)

version : { »

version_data : [ »

0 : { »

version_value : 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 (string)

}

]

}

]

}

vendor_name : Elastic (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-266: Incorrect Privilege Assignment (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.elastic.co/community/security/ (string)

refsource : MISC (string)

url : https://www.elastic.co/community/security/ (string)

}

1 : { »

name : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

refsource : CONFIRM (string)

url : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T09:18:02.572Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.elastic.co/community/security/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 271b6943-45a9-4f3a-ab4e-976f3fa05b5a (string)

assignerShortName : elastic (string)

cveId : CVE-2020-7014 (string)

datePublished : 2020-06-03T17:55:44 (string)

dateReserved : 2020-01-14T00:00:00 (string)

dateUpdated : 2024-08-04T09:18:02.572Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA3F192-8348-43DA-8075-D4062E7D89AC", "versionEndIncluding": "6.8.7", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "3628E8E8-502E-44FD-AF0E-E30A26B16D03", "versionEndIncluding": "7.6.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges."}, {"lang": "es", "value": "Se encontr\u00f3 que la soluci\u00f3n para CVE-2020-7009 estaba incompleta. Elasticsearch versiones desde 6.7.0 hasta 6.8.7 y 7.0.0 hasta 7.6.1, contienen un fallo de escalada de privilegios si un atacante puede crear claves de la API y tambi\u00e9n tokens de autenticaci\u00f3n. Un atacante que puede generar una clave de la API y un token de autenticaci\u00f3n puede llevar a cabo una serie de pasos que resultan en que un token de autenticaci\u00f3n se genere con privilegios elevados."}], "id": "CVE-2020-7014", "lastModified": "2024-11-21T05:36:29.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-03T18:15:23.043", "references": [{"source": "bressers@elastic.co", "url": "https://security.netapp.com/advisory/ntap-20200619-0003/"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20200619-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security/"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "bressers@elastic.co", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FEA3F192-8348-43DA-8075-D4062E7D89AC (string)

versionEndIncluding : 6.8.7 (string)

versionStartIncluding : 6.7.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3628E8E8-502E-44FD-AF0E-E30A26B16D03 (string)

versionEndIncluding : 7.6.1 (string)

versionStartIncluding : 7.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. (string)

}

1 : { »

lang : es (string)

value : Se encontró que la solución para CVE-2020-7009 estaba incompleta. Elasticsearch versiones desde 6.7.0 hasta 6.8.7 y 7.0.0 hasta 7.6.1, contienen un fallo de escalada de privilegios si un atacante puede crear claves de la API y también tokens de autenticación. Un atacante que puede generar una clave de la API y un token de autenticación puede llevar a cabo una serie de pasos que resultan en que un token de autenticación se genere con privilegios elevados. (string)

}

]

id : CVE-2020-7014 (string)

lastModified : 2024-11-21T05:36:29.697 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-06-03T18:15:23.043 (string)

references : [ »

0 : { »

source : bressers@elastic.co (string)

url : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

}

1 : { »

source : bressers@elastic.co (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.elastic.co/community/security/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.netapp.com/advisory/ntap-20200619-0003/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.elastic.co/community/security/ (string)

}

]

sourceIdentifier : bressers@elastic.co (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-266 (string)

}

]

source : bressers@elastic.co (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-269 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges", "id": "1849019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849019"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-266", "details": ["The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges."], "name": "CVE-2020-7014", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Process Automation 7"}], "public_date": "2020-06-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-7014\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7014"], "statement": "OpenShift Container Platform 4.x and 3.11 use Elasticsearch 5.6 which does not have the API Keys feature.", "threat_severity": "Important"}

{

bugzilla : { »

description : elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges (string)

id : 1849019 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1849019 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 8.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

status : draft (string)

}

cwe : CWE-266 (string)

details : [ »

0 : The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. (string)

]

name : CVE-2020-7014 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:7 (string)