Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-7009

Опубликовано: 31 мар. 2020
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
Версия от 6.7.0 (включая) до 6.8.8 (исключая)
cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.6.2 (исключая)

EPSS

Процентиль: 82%
0.01753
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-266
CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2020-7009

CVSS3: 8.8
ubuntu
почти 6 лет назад

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

redhat логотип

CVE-2020-7009

CVSS3: 8.8
redhat
почти 6 лет назад

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

msrc логотип

CVE-2020-7009

CVSS3: 8.8
msrc
около 4 лет назад

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

debian логотип

CVE-2020-7009

CVSS3: 8.8
debian
почти 6 лет назад

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...

github логотип

GHSA-gfv5-grx2-9jw2

CVSS3: 8.8
github
больше 3 лет назад

Improper Privilege Management in Elasticsearch

EPSS

Процентиль: 82%
0.01753
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-266
CWE-269