Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
References
| Link | Resource |
|---|---|
| https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344 | Vendor Advisory |
| https://www.elastic.co/community/security/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2021-09-15T11:44:31
Updated: 2021-09-15T11:44:31
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22149
NVD Information
Status: Analyzed
Published: 2021-09-15T12:15:09.073
Modified: 2022-10-25T18:30:13.083
Link: CVE-2021-22149
Redhat Information
No data.