CVE-2020-7018 is a vulnerability in Elastic Enterprise Search
Published on August 18, 2020
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2020-7018
Want to know whenever a new CVE is published for Elastic Enterprise Search? stack.watch will email you.
Affected Versions
Elastic Enterprise Search Version before 7.9.0 is affected by CVE-2020-7018Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.