BIT-elasticsearch-2021-37937

Import Source
https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2021-37937.json
Aliases
  • CVE-2021-37937
Published
2024-01-31T15:13:57.191Z
Modified
2024-01-31T15:40:39.817Z
Details

An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate its privileges to those of a super-user.

References

Affected packages

Bitnami / elasticsearch

Package

Name
elasticsearch

Affected ranges

Type
SEMVER
Events
Introduced
7.13.0
Fixed
7.14.0