Lucene search

ElasticCVELIST:CVE-2021-37937

HistoryNov 22, 2023 - 1:45 a.m.

CVE-2021-37937 Elasticsearch privilege escalation

2023-11-2201:45:21

CWE-269

elastic

www.cve.org

elasticsearch

privilege escalation

api keys

fleet-server

service account

super-user

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "7.14.0",
        "status": "affected",
        "version": "7.13.0",
        "versionType": "semver"
      }
    ]
  }
]

References

discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077

www.elastic.co/community/security

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for CVELIST:CVE-2021-37937