CVE-2021-22149 log

Source
Severity High
Remote Yes
Type Access restriction bypass
Description
A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Group Package Affected Fixed Severity Status Ticket
AVG-1884 elasticsearch 7.10.1-1 Critical Not affected
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344