VYPR
High severityNVD Advisory· Published Mar 31, 2020· Updated Aug 4, 2024

CVE-2020-7009

CVE-2020-7009

Description

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.elasticsearch:elasticsearchMaven
>= 6.7.0, < 6.8.86.8.8
org.elasticsearch:elasticsearchMaven
>= 7.0.0, < 7.6.27.6.2

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.