CVE-2020-7014 is a vulnerability in Elasticsearch
Published on June 3, 2020
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2020-7014
Affected Versions
Elasticsearch versions 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 are affected by CVE-2020-7014.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.