3 matches found
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7018,CVE-2020-7019 )
Summary IBM Cloud Private is vulnerable to Elastic vulnerabilities Vulnerability Details CVEID: CVE-2020-7018 DESCRIPTION: Elastic Enterprise Search could allow a remote authenticated attacker to obtain sensitive information, caused by a credential exposure flaw in the App Search interface. By...
CVE-2020-7018
Elastic Enterprise Search prior to 7.9.0 is affected by a credential exposure in the App Search interface. If a user has the developer role, they can view administrator API credentials, enabling operations with App Search administrator permissions. The issue is fixed by upgrading to Enterprise Se...