CVE-2020-7009

2020-03-3119:05:13

CWE-266

elastic

www.cve.org

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CNA Affected

[
  {
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "All versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2"
      }
    ]
  }
]