More information about this CVE will likely be available in a few days.


Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

Related CPE's

Could not find any relations

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics