CVE-2021-22148 - log back

CVE-2021-22148 edited at 03 Aug 2021 15:58:25
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
References
+ https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
CVE-2021-22148 created at 03 Aug 2021 15:56:49
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes