An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2023-11-22T01:45:21.008Z
Updated: 2024-08-04T01:30:08.934Z
Reserved: 2021-08-03T20:49:52.461Z
Link: CVE-2021-37937
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-22T02:15:42.043
Modified: 2024-11-21T06:16:06.437
Link: CVE-2021-37937
Redhat
No data.