CVE-2021-22149 log
Source |
|
Severity | High |
Remote | Yes |
Type | Access restriction bypass |
Description | A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1884 | elasticsearch | 7.10.1-1 | Critical | Not affected |
References |
---|
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344 |