Описание
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.7.2 (исключая)
cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-285
Связанные уязвимости
CVSS3: 9.8
github
8 дней назад
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.
EPSS
Процентиль: 53%
0.00301
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-285