CVE-2021-22148

September 25, 2021

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

Summary:

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

Reference Links(if available):

  • https://www.elastic.co/community/security/
  • https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    April 18, 2024
    CISA Logo

    CISA: CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

    April 18, 2024
    CISA Logo

    CISA: CISA Releases Nine Industrial Control Systems Advisories

    April 18, 2024
    CISA Logo

    CISA: Compromise of Sisense Customer Data

    April 18, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    April 18, 2024