Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
Weakness
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Elasticsearch | Elastic | 6.7.0 (including) | 6.8.8 (excluding) |
| Elasticsearch | Elastic | 7.0.0 (including) | 7.6.2 (excluding) |
| Elasticsearch | Ubuntu | esm-apps/xenial | * |
| Elasticsearch | Ubuntu | trusty | * |
| Elasticsearch | Ubuntu | xenial | * |
Potential Mitigations
References
- https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
- https://security.netapp.com/advisory/ntap-20200403-0004/
- https://www.elastic.co/community/security/
- https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
- https://security.netapp.com/advisory/ntap-20200403-0004/
- https://www.elastic.co/community/security/