CVE-2020-7018 · CVEKit

cve.orgen

338 chars

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

NVDen

338 chars

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

NVDes

385 chars

Elastic Enterprise Search versiones anteriores a 7.9.0, contiene un fallo de exposición de credenciales en la Interfaz App Search. Si a un usuario se le asigna el rol ï¿½developerï¿½, podrá visualizar las credenciales de la API de administrador. Estas credenciales podrían permitir al usuario desarrollador conducir operaciones con los mismos permisos del administrador de App Search.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H