CVE-2021-22148

More information about this CVE will likely be available in a few days.

Description

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

Related CPE's

Could not find any relations

References

https://www.elastic.co/community/security/

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io