exploitDog

GHSA-fq33-497v-4h5x

Published: May 24, 2022
Source: github
GitHub: Not reviewed
CVSS3: 8.8

Description

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

EPSS

Percentile: 50%
0.00266
Low

8.8 High

CVSS3

Weaknesses

CWE-732
CWE-862

Related vulnerabilities

CVSS3: 8.8
nvd
more than 4 years ago

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

CVSS3: 8.8
fstec
more than 4 years ago

A vulnerability in the Elastic App Search application search tool, related to incorrect permission assignment, that allows an attacker to escalate their privileges
