CVE-2020-7009
published 2020-06-03CVE-2020-7009: The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an…
PriorityP349high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.60%
72.8th percentile
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | — | — |
| elastic | elasticsearch | >= 6.7.0 < 6.8.8 | 6.8.8 |
| elastic | elasticsearch | 6.7.0 – 6.8.7 | — |
| elastic | elasticsearch | >= 7.0.0 < 7.6.2 | 7.6.2 |
| elastic | elasticsearch | 7.0.0 – 7.6.1 | — |
| github.com | ory_fosite | >= 0 < 0.34.0 | 0.34.0 |
| msrc | cm1_rubygem-elasticsearch_8.2.0-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
ghsa8.8HIGH
osv8.8HIGH
vendor_msrc8.8HIGH
vendor_oracle8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Improper Privilege Management in Elasticsearch
ghsa·2022-05-24
CVE-2020-7009 [HIGH] CWE-266 Improper Privilege Management in Elasticsearch
Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
OSV
Improper Privilege Management in Elasticsearch
osv·2022-05-24
CVE-2020-7009 [HIGH] Improper Privilege Management in Elasticsearch
Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
GHSA
Ory fosite contains Improper Handling of Exceptional Conditions
ghsa·2021-05-24
CVE-2020-15223 [HIGH] CWE-754 Ory fosite contains Improper Handling of Exceptional Conditions
Ory fosite contains Improper Handling of Exceptional Conditions
### Impact
The `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store.
### References
[RFC 7009](https://tools.ietf.org/html/rfc7009#section-2.2.1) states that a 503 HTTP code must be returned when the server has a problem.
OSV
Privilege Escalation Flaw in Elasticsearch
osv·2021-03-18·CVSS 8.8
CVE-2020-7014 [HIGH] Privilege Escalation Flaw in Elasticsearch
Privilege Escalation Flaw in Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
GHSA
Privilege Escalation Flaw in Elasticsearch
ghsa·2021-03-18·CVSS 8.8
CVE-2020-7014 [HIGH] CWE-266 Privilege Escalation Flaw in Elasticsearch
Privilege Escalation Flaw in Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
OSV
CVE-2020-7014: The fix for CVE-2020-7009 was found to be incomplete
osv·2020-06-03·CVSS 8.8
CVE-2020-7014 [HIGH] CVE-2020-7014: The fix for CVE-2020-7009 was found to be incomplete
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
OSV
CVE-2020-7009: Elasticsearch versions from 6
osv·2020-03-31·CVSS 8.8
CVE-2020-7009 [HIGH] CVE-2020-7009: Elasticsearch versions from 6
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) — CVE-2020-7009
vendor_oracle·2023-04-15·CVSS 8.8
CVE-2020-7009 [HIGH] Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) — CVE-2020-7009
Oracle Oracle Communications Applications Risk Matrix: Core (Elasticsearch) vulnerability
CVE: CVE-2020-7009
CVSS: 8.8
Protocol: HTTPS
Remote exploit: No
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Microsoft
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and al
vendor_msrc·2020-06-09·CVSS 8.8
CVE-2020-7014 [HIGH] CWE-269 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and al
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microso
Red Hat
elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
vendor_redhat·2020-06-03·CVSS 8.8
CVE-2020-7014 [HIGH] CWE-266 elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
Statement: OpenShift Container Platform 4.x and 3.11 use Elasticsearch 5.6 which does not have the API Keys feature.
Package: elasticsearch (Red Hat Decision Manager 7) - Not affected
Package: elasticsearch (Red Hat Fuse 7) - Not affected
Package: elasticsearch (Red Hat JBos
Red Hat
elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
vendor_redhat·2020-03-31·CVSS 8.8
CVE-2020-7009 [HIGH] CWE-266 elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Statement: OpenShift Container Platform 4.x and 3.11 use Elasticsearch 5.6 which does not have the API Keys feature.
Package: elasticsearch (Red Hat Decision Manager 7) - Not affected
Package: elasticsearch (Red Hat Fuse 7) - Not affected
Package: elasticsearch (Red Hat JBoss Fuse 6) - Not affected
Package: elasticsearch (Red Hat OpenShift Container Platform 3.11) - Not affected
Pa
Microsoft
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can
vendor_msrc·2020-03-10·CVSS 8.8
CVE-2020-7009 [HIGH] CWE-269 Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-7014 elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
bugzilla·2020-06-19·CVSS 8.8
CVE-2020-7014 [HIGH] CVE-2020-7014 elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
CVE-2020-7014 elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
References:
https://security.netapp.com/advisory/ntap-20200619-0003/
https://www.elastic.co/community/security/
Discussion:
Statement:
OpenShift Container Platform 4.x and 3.11 use Elasticsearch 5.6 which does not have the API Keys feature.
---
This bug is n
Bugzilla
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [openstack-rdo]
bugzilla·2020-04-06·CVSS 8.8
CVE-2020-7009 [HIGH] CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [openstack-rdo]
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [openstack-rdo]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of openstack-rdo.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bugzilla
CVE-2020-7009 elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
bugzilla·2020-04-06·CVSS 8.8
CVE-2020-7009 [HIGH] CVE-2020-7009 elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
CVE-2020-7009 elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Discussion:
Upstream Reference:
https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
---
Created python-elasticsearch tracking bugs for this issue:
Affects: epel-all [bug 1821242]
Affects: fedora-all [bug 1821241]
Affects: openstack-rdo [bug 1821243]
---
External References:
https://www.elastic.co/guide/en/elasticsearch/reference/curren
Bugzilla
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [epel-all]
bugzilla·2020-04-06·CVSS 8.8
CVE-2020-7009 [HIGH] CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [epel-all]
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg co
Bugzilla
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [fedora-all]
bugzilla·2020-04-06·CVSS 8.8
CVE-2020-7009 [HIGH] CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [fedora-all]
CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpk
2020-06-03
Published