CVE-2020-7018

HIGH

Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure

Title source: llm
STIX 2.1

Description

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0109
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-266 CWE-269
Status published
Products (1)
elastic/enterprise_search < 7.9.0
Published Aug 18, 2020
Tracked Since Feb 18, 2026