CVE-2020-7018

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

Related Vulnerabilities

CVE-2020-7009

HIGH
CVSS:8.8(High)

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can ...

CWE-2662020

CVE-2020-7014

HIGH
CVSS:8.8(High)

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and al...

CWE-2662020

CVE-2022-20759

HIGH
CVSS:8.8(High)

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authen...

CWE-2662022

CVE-2022-2637

HIGH
CVSS:8.8(High)

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Pl...

CWE-2662022

CVE-2022-3496

HIGH
CVSS:8.8(High)

A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Adm...

CWE-2662022

CVE-2022-3770

HIGH
CVSS:8.8(High)

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestr...

CWE-2662022