CVE-2021-22149

More information about this CVE will likely be available in a few days.

Description

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

Related CPE's

Could not find any relations

References

https://www.elastic.co/community/security/

https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io