Privilege Escalation Vulnerability in Elasticsearch by Elastic
CVE-2020-7014
8.8HIGH
Summary
A privilege escalation flaw exists in Elasticsearch versions 6.7.0 through 6.8.7 and 7.0.0 through 7.6.1 due to an incomplete fix for a previous vulnerability. This issue arises when an attacker is able to generate API keys and authentication tokens. By exploiting this flaw, an attacker can create an authentication token with elevated privileges, which could lead to unauthorized access and potentially severe repercussions for system integrity. It is essential for users of the affected versions to apply the necessary updates to mitigate this risk.
Affected Version(s)
Elasticsearch 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved