CVE-2021-22149 - log back

CVE-2021-22149 edited at 03 Aug 2021 15:59:23
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
References
+ https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
CVE-2021-22149 created at 03 Aug 2021 15:56:49
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes