Lucene search
GoogleOSV:GHSA-GFV5-GRX2-9JW2HistoryMay 24, 2022 - 5:13 p.m.
Improper Privilege Management in Elasticsearch
2022-05-2417:13:01
Google
osv.dev
10
0.003 Low
EPSS
Percentile
69.1%
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Related
redhatcve
redhatcve
CVE-2020-7009
2020-04-09 10:33:18
CVE-2020-7014
2020-06-19 15:55:53
ubuntucve
ubuntucve
CVE-2020-7009
2020-03-31 00:00:00
CVE-2020-7014
2020-06-03 00:00:00
osv
osv
BIT-elasticsearch-2020-7009
2024-03-06 10:54:57
CVE-2020-7009
2020-03-31 19:15:14
BIT-elasticsearch-2020-7014
2024-03-06 10:54:49
nvd
nvd
CVE-2020-7009
2020-03-31 19:15:14
CVE-2020-7014
2020-06-03 18:15:23
prion
prion
Privilege escalation
2020-03-31 19:15:00
Authentication flaw
2020-06-03 18:15:00
cvelist
cvelist
CVE-2020-7009
2020-03-31 19:05:13
CVE-2020-7014
2020-06-03 17:55:44
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2020-7009 affecting package rubygem-elasticsearch 7.6.0-1
2022-05-26 19:04:38
github
github
Improper Privilege Management in Elasticsearch
2022-05-24 17:13:01
Privilege Escalation Flaw in Elasticsearch
2021-03-18 19:27:20
cve
cve
CVE-2020-7009
2020-03-31 19:15:14
CVE-2020-7014
2020-06-03 18:15:23
checkpoint_advisories
checkpoint_advisories
Elasticsearch Privilege Escalation (CVE-2020-7009)
2020-07-28 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-02)
2021-01-25 00:00:00
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-07)
2021-01-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00