Lucene search
+L

11 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0670

Malware in sbrugna...

8.8CVSS6.8AI score0.01543EPSS
Exploits0References7
osv
osv
added 2024/03/06 10:54 a.m.30 views

BIT-ELASTICSEARCH-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8CVSS8.8AI score0.01543EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 4:2 a.m.3 views

SUSE CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8CVSS7.5AI score0.01543EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2022/05/24 5:13 p.m.2 views

cn.detachment:detachment-es-example (=1.0.2-RELEASE), cn.hippo4j:hippo4j-monitor-elasticsearch (>=1.4.1 <=1.5.0) +240 more potentially affected by CVE-2020-7009 via org.elasticsearch:elasticsearch (>=6.7.0 <=6.8.7)

org.elasticsearch:elasticsearch MAVEN version =6.7.0, =1.4.1, =1.4.0, =6.8.4, =6.7.2, =0.9.0.0, =0.9.0.0, =0.9.0.0, =6.7.0.0, =1.0.0-RC1, =1.0.0-RC2 - com.bowriverstudio:fscrawler-elasticsearch-client-v6 =2.6 and more Source cves: CVE-2020-7009 Source advisory: OSV:GHSA-GFV5-GRX2-9JW2...

8.8CVSS6.6AI score0.016EPSS
Exploits0
ibm
ibm
added 2022/01/11 8:10 p.m.32 views

Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana

Summary Vulnerabilities detected in Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in...

8.8CVSS7AI score0.02429EPSS
Exploits0Affected Software1
github
github
added 2021/03/18 7:27 p.m.62 views

Privilege Escalation Flaw in Elasticsearch

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8CVSS8.6AI score0.016EPSS
Exploits0References4Affected Software1
ibm
ibm
added 2020/12/18 3:33 p.m.46 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...

8.8CVSS0.8AI score0.08794EPSS
Exploits2Affected Software1
ibm
ibm
added 2020/06/19 5:6 a.m.22 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Elastic Elasticsearch. Vulnerability Details CVEID: CVE-2020-7009 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in...

8.8CVSS1.8AI score0.016EPSS
Exploits0Affected Software1
ubuntucve
ubuntucve
added 2020/06/03 6:15 p.m.39 views

CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...

8.8CVSS6.8AI score0.01543EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2020/03/31 7:15 p.m.29 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS6.8AI score0.016EPSS
Exploits0References4
cve
cve
added 2020/03/31 7:5 p.m.149 views

CVE-2020-7009

CVE-2020-7009 affects Elasticsearch across 6.7.0–6.8.7 and 7.0.0–7.6.2, with a privilege-escalation flaw in the API key/authentication flow that can elevate privileges when an attacker can generate API keys. Public docs reference this vulnerability as a flaw in the API Key service, enabling an at...

8.8CVSS8.6AI score0.016EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder