Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-02) CVE-2020-7009

Severity
CVSSv3 Score: 8.8
Vulnerability description

Elasticsearch is prone to a privilege escalation vulnerability.

Risk description

Elasticsearch contains a privilege escalation flaw that can be exploited by an attacker who is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

Recommendation

Update to version 6.8.8, 7.6.2 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 31, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available