CVE-2021-22148

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
elasticCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
elasticenterprise_search
𝑥
< 7.14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://www.elastic.co/community/security/
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344
https://www.elastic.co/community/security/