Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.

Overview :
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CVE-2020-7009

Elastic Stack 7.6.0 released

We are excited to announce the general availability of version 7.6 of the Elastic Stack. This release streamlines automated threat detection with the launch of a new SIEM detection engine and a curated set of detection rules aligned to the MITRE ATT&CK™ knowledge base, brings performance improvements to Elasticsearch, makes supervised machine learning more turnkey with inference-on-ingest features, and deepens cloud observability and security with the launch of new data integrations. And that’s just a small slice of all that’s new and exciting in this release.

Version 7.6 is available right now on our Elasticsearch Service on Elastic Cloud — the only hosted Elasticsearch offering to include these new features. Or you can download the Elastic Stack for a self-managed experience.

Elasticsearch authentication API key privilege escalation (ESA-2020-02)

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

Affected Versions
All versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 are vulnerable to this issue.

Solutions and Mitigations
Users should upgrade to Elasticsearch version 7.6.2 or 6.8.8. Users who are unable to upgrade can mitigate this flaw by disabling API keys by setting xpack.security.authc.api_key.enabled to false in the elasticsearch.yml file.

CVE ID: CVE-2020-7009 9

References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2021-4234 : OPENVPN ACCESS SERVER UP TO 2.10 AMPLIFICATION

CVE-2021-4234 : OPENVPN ACCESS SERVER UP TO 2.10 AMPLIFICATION

Description OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset

CVE-2022-31856 : NEWSLETTER MODULE ON OPENCART /INDEX.PHP ZEMEZ_NEWSLETTER_EMAIL SQL INJECTION

CVE-2022-31856 : NEWSLETTER MODULE ON OPENCART /INDEX.PHP ZEMEZ_NEWSLETTER_EMAIL SQL INJECTION

Description Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. References https://www.exploit-db.com/exploits/50942

CVE-2022-34918 : LINUX KERNEL UP TO 5.18.9 USER NAMESPACE NF_TABLES_API.C NFT_SET_ELEM_INIT TYPE CONFUSION

CVE-2022-34918 : LINUX KERNEL UP TO 5.18.9 USER NAMESPACE NF_TABLES_API.C NFT_SET_ELEM_INIT TYPE CONFUSION

Description An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a