CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

CVSS v3 8.8 HIGH
CVSS v2.0 4.0 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-08-18 17:15

Updated : 2020-08-26 14:11

NVD link : CVE-2020-7018

Mitre link : CVE-2020-7018

CVE.ORG link : CVE-2020-7018

JSON object : View

Products Affected

elastic

enterprise_search

CWE

CWE-269

Improper Privilege Management

CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2020-7018", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-08-18T17:15:11.627", "references": [{"url": "https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the \u00ef\u00bf\u00bddeveloper\u00ef\u00bf\u00bd role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator."}, {"lang": "es", "value": "Elastic Enterprise Search versiones anteriores a 7.9.0, contiene un fallo de exposici\u00f3n de credenciales en la Interfaz App Search. Si a un usuario se le asigna el rol \u00ef\u00bf\u00bddeveloper\u00ef\u00bf\u00bd, podr\u00e1 visualizar las credenciales de la API de administrador. Estas credenciales podr\u00edan permitir al usuario desarrollador conducir operaciones con los mismos permisos del administrador de App Search."}], "lastModified": "2020-08-26T14:11:08.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:enterprise_search:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367A998E-1763-4AAE-A971-9FFA0D9A4030", "versionEndExcluding": "7.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}