CVE-2020-7018
HIGH
Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure
Title source: llm
Description
Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions as the App Search administrator.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457
Scores
CVSS v3
8.8
EPSS
0.0021
EPSS Percentile
42.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
CWE-266
Status
published
Products (1)
elastic/enterprise_search
< 7.9.0
Published
Aug 18, 2020
Tracked Since
Feb 18, 2026