CVE-2020-7018 Vulnerability Details

  /     /     /  

CVE-2020-7018 Metadata Quick Info

CVE Published: 18/08/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: elastic | Vendor: Elastic | Product: Elastic Enterprise Search
Status : PUBLISHED

---

CVE-2020-7018 Description

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-266
CWE Name: CWE-266: Incorrect Privilege Assignment
Source: Elastic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).