QwikSec

Security Database

CVE

CWE

Training

CVE-2020-7018

Published: Aug 18, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

Vendor	Product	Versions
Elastic	Elastic Enterprise Search	affected `before 7.9.0`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.