Lucene search

K
redhatcveRedhat.comRH:CVE-2020-7009
HistoryApr 09, 2020 - 10:33 a.m.

CVE-2020-7009

2020-04-0910:33:18
redhat.com
access.redhat.com
9

0.003 Low

EPSS

Percentile

69.1%

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.