Lucene search
PRIOn knowledge basePRION:CVE-2020-7009HistoryMar 31, 2020 - 7:15 p.m.
Privilege escalation
2020-03-3119:15:00
PRIOn knowledge base
www.prio-n.com
6
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elasticsearch | ge | 6.7.0 | |
| elasticsearch | lt | 6.8.8 | |
| elasticsearch | ge | 7.0.0 | |
| elasticsearch | lt | 7.6.2 |
Related
cvelist
cvelist
CVE-2020-7009
2020-03-31 19:05:13
CVE-2020-7014
2020-06-03 17:55:44
redhatcve
redhatcve
CVE-2020-7009
2020-04-09 10:33:18
CVE-2020-7014
2020-06-19 15:55:53
ubuntucve
ubuntucve
CVE-2020-7009
2020-03-31 00:00:00
CVE-2020-7014
2020-06-03 00:00:00
osv
osv
BIT-elasticsearch-2020-7009
2024-03-06 10:54:57
CVE-2020-7009
2020-03-31 19:15:14
Improper Privilege Management in Elasticsearch
2022-05-24 17:13:01
nvd
nvd
CVE-2020-7009
2020-03-31 19:15:14
CVE-2020-7014
2020-06-03 18:15:23
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2020-7009 affecting package rubygem-elasticsearch 7.6.0-1
2022-05-26 19:04:38
github
github
Improper Privilege Management in Elasticsearch
2022-05-24 17:13:01
Privilege Escalation Flaw in Elasticsearch
2021-03-18 19:27:20
cve
cve
CVE-2020-7009
2020-03-31 19:15:14
CVE-2020-7014
2020-06-03 18:15:23
checkpoint_advisories
checkpoint_advisories
Elasticsearch Privilege Escalation (CVE-2020-7009)
2020-07-28 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-02)
2021-01-25 00:00:00
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2020-07)
2021-01-25 00:00:00
prion
prion
Authentication flaw
2020-06-03 18:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00