Elasticsearch@6.7.0 Security Vulnerabilities and Issues — Elasticsearch@6.7.0 CVE List

Lucene search

ElasticElasticsearch6.7.0

3 matches found

CVE•added 2020/03/31 7:15 p.m.•127 views

CVE-2020-7009

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

8.8CVSS8.6AI score0.01519EPSS

CVE•added 2020/06/03 6:15 p.m.•93 views

CVE-2020-7014

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication toke...

8.8CVSS8.7AI score0.01519EPSS

CVE•added 2019/10/30 2:15 p.m.•90 views

CVE-2019-7619

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

5.3CVSS5.3AI score0.01345EPSS