Description
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Statement
OpenShift Container Platform 4.x and 3.11 use Elasticsearch 5.6 which does not have the API Keys feature.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | elasticsearch | Not affected | | |
| Red Hat Fuse 7 | elasticsearch | Not affected | | |
| Red Hat JBoss Fuse 6 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | elasticsearch | Not affected | | |
| Red Hat OpenShift Container Platform 4 | elasticsearch | Not affected | | |
| Red Hat Process Automation 7 | elasticsearch | Not affected | | |
Additional information
Status:
CVSS3: 8.8 High