Lucene search

K
cvelistElasticCVELIST:CVE-2020-7009
HistoryMar 31, 2020 - 7:05 p.m.

CVE-2020-7009

2020-03-3119:05:13
CWE-266
elastic
www.cve.org
2

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CNA Affected

[
  {
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "All versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2"
      }
    ]
  }
]

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%