Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions as the App Search administrator.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2020-08-18T16:40:14
Updated: 2020-08-18T16:40:14
Reserved: 2020-01-14T00:00:00
Link: CVE-2020-7018
NVD Information
Status: Analyzed
Published: 2020-08-18T17:15:11.627
Modified: 2020-08-26T14:11:08.190
Link: CVE-2020-7018
Redhat Information
No data.