11 matches found
EUVD-2021-0670
Malware in sbrugna...
BIT-ELASTICSEARCH-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...
SUSE CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...
cn.detachment:detachment-es-example (=1.0.2-RELEASE), cn.hippo4j:hippo4j-monitor-elasticsearch (>=1.4.1 <=1.5.0) +240 more potentially affected by CVE-2020-7009 via org.elasticsearch:elasticsearch (>=6.7.0 <=6.8.7)
org.elasticsearch:elasticsearch MAVEN version =6.7.0, =1.4.1, =1.4.0, =6.8.4, =6.7.2, =0.9.0.0, =0.9.0.0, =0.9.0.0, =6.7.0.0, =1.0.0-RC1, =1.0.0-RC2 - com.bowriverstudio:fscrawler-elasticsearch-client-v6 =2.6 and more Source cves: CVE-2020-7009 Source advisory: OSV:GHSA-GFV5-GRX2-9JW2...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in...
Privilege Escalation Flaw in Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Elastic Elasticsearch. Vulnerability Details CVEID: CVE-2020-7009 DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in...
CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication...
CVE-2020-7009
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
CVE-2020-7009
CVE-2020-7009 affects Elasticsearch across 6.7.0–6.8.7 and 7.0.0–7.6.2, with a privilege-escalation flaw in the API key/authentication flow that can elevate privileges when an attacker can generate API keys. Public docs reference this vulnerability as a flaw in the API Key service, enabling an at...