exploitDog

CVE-2021-22148

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

Ссылки

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
Vendor Advisory
https://www.elastic.co/community/security/
Vendor Advisory
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
Vendor Advisory
https://www.elastic.co/community/security/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*

Версия до 7.14.0 (исключая)

EPSS

Процентиль: 46%

0.00232

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

CWE-732

Связанные уязвимости

GHSA-5wjp-4jpf-wmfh

github

больше 3 лет назад

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

EPSS

Процентиль: 46%

0.00232

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

CWE-732