Severity: 8.8 HIGH (NVD)
EPSS: 1.8% (top 17.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Mar 31; latest update Apr 15

Description

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. As the Red Hat, Microsoft and Bugzilla entries below record, the original fix was later found to be incomplete and the follow-up is tracked as CVE-2020-7014, so upgrading only to 6.8.8 or 7.6.2 should be checked against that follow-up advisory as well.
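The practical questions this description raises are "is my cluster in the affected range?" and "who on it can create API keys at all?", since the flaw only matters to principals with that ability. The following is an added example, not code from cvebase or from Elastic: it parses the version reported by the cluster root endpoint (`GET /`, which returns `version.number`) against the two half-open ranges above, and scans a role listing in the shape returned by `GET /_security/role` for the cluster privileges that permit API key creation (`all`, `manage_api_key` and, on 7.x, `manage_own_api_key`). The two JSON documents at the bottom are constructed samples, not captured responses, and the check covers only cluster privileges granted through roles; it does not model every path by which a user could end up with `manage_api_key`.

```python
import json
import re
from typing import Optional

# Affected ranges from the advisory: 6.7.0 <= v < 6.8.8 and 7.0.0 <= v < 7.6.2.
# Lower bound inclusive, upper bound exclusive (the advisory's "before" form);
# the CVE List's "6.7.0 to 6.8.7 and 7.0.0 to 7.6.1" describes the same sets.
AFFECTED_RANGES = (((6, 7, 0), (6, 8, 8)), ((7, 0, 0), (7, 6, 2)))

# Cluster privileges that allow creating API keys. 'all' implies every cluster
# privilege; manage_own_api_key is the narrower privilege available on 7.x.
API_KEY_PRIVILEGES = {"all", "manage_api_key", "manage_own_api_key"}


def parse_version(version: str) -> tuple:
    """'7.6.1' or '7.6.1-SNAPSHOT' -> (7, 6, 1); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.]+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Elasticsearch version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version falls inside either vulnerable range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """First fixed release on the same line (6.8.8 or 7.6.2), or None if not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


def roles_able_to_create_api_keys(roles: dict) -> list:
    """Given the body of GET /_security/role ({name: {"cluster": [...], ...}}),
    return the names of roles whose cluster privileges permit API key creation."""
    return sorted(name for name, body in roles.items()
                  if API_KEY_PRIVILEGES & set(body.get("cluster", [])))


def assess(root_response: dict, roles: dict) -> dict:
    """Combine the cluster version (GET /) with the role listing (GET /_security/role)."""
    version = root_response["version"]["number"]
    return {
        "version": version,
        "affected": is_affected(version),
        "upgrade_to": fixed_version_for(version),
        "roles_that_can_create_api_keys": roles_able_to_create_api_keys(roles),
    }


# Constructed sample responses for the example; not captured from a real cluster.
SAMPLE_ROOT = json.loads(
    '{"name": "node-1", "version": {"number": "7.6.1", "build_flavor": "default"}}'
)
SAMPLE_ROLES = json.loads("""{
  "superuser": {"cluster": ["all"], "indices": []},
  "kibana_user": {"cluster": [], "indices": []},
  "ci_deploy": {"cluster": ["monitor", "manage_own_api_key"], "indices": []}
}""")

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_ROOT, SAMPLE_ROLES), indent=2))
```

On a live cluster the two inputs are the JSON bodies of `GET /` and `GET /_security/role`; the version comparison is done on integer tuples so that 6.8.10, were it ever compared, sorts after 6.8.8 rather than before it as a string comparison would.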

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: elastic/elasticsearch, 6.7.0 up to (excluding) 6.8.8 (+1 more range)
CVEListV5: elastic/elasticsearch, 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1; all versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 (+1 more range)

🔴 Vulnerability Details (6 entries)

GHSA: Improper Privilege Management in Elasticsearch (2022-05-24)
OSV: Improper Privilege Management in Elasticsearch (2022-05-24)
GHSA: Ory fosite contains Improper Handling of Exceptional Conditions (2021-05-24)
GHSA: Privilege Escalation Flaw in Elasticsearch (2021-03-18)
CVEList: CVE-2020-7009: Elasticsearch versions from 6… (2020-03-31)

📋 Vendor Advisories (5 entries)

Oracle: Oracle Communications Applications Risk Matrix: Core (Elasticsearch), CVE-2020-7009 (2023-04-15)
Microsoft: The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and al… (2020-06-09)
Red Hat: elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges (2020-06-03)
Red Hat: elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges (2020-03-31)
Microsoft: Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can… (2020-03-10)

💬 Community (5 entries)

Bugzilla: CVE-2020-7014 elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges (2020-06-19)
Bugzilla: CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [openstack-rdo] (2020-04-06)
Bugzilla: CVE-2020-7009 elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges (2020-04-06)
Bugzilla: CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [epel-all] (2020-04-06)
Bugzilla: CVE-2020-7009 python-elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges [fedora-all] (2020-04-06)
CVE-2020-7009 — Incorrect Privilege Assignment | cvebase