Authorization Bypass in Elastic Enterprise Search App Search by Elastic
CVE-2021-22149
8.8HIGH
What is CVE-2021-22149?
Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a vulnerability where API keys were not properly authorized via an alternate route. This flaw could allow an authenticated attacker to exploit these API keys, thereby gaining access to the privileges of higher-authority users without proper authorization. Users are urged to update to the latest version to mitigate this risk.
Affected Version(s)
Elastic Enterprise Search before 7.14.0