Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-37937
HistoryNov 22, 2023 - 2:15 a.m.

Design/Logic Flaw

2023-11-2202:15:00
PRIOn knowledge base
www.prio-n.com
4
design flaw
logic
api keys
service account
privilege escalation
vulnerability
nvd

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.3%

JSON

An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.

CPENameOperatorVersion
elasticsearchge7.13.0
elasticsearchle7.14.0

Related

osv 1
cvelist 1
openvas 1
nvd 1
cve 1
ubuntucve 1
osv
osv
BIT-elasticsearch-2021-37937
2024-03-06 10:52:41
cvelist
cvelist
CVE-2021-37937 Elasticsearch privilege escalation
2023-11-22 01:45:21
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2021-25)
2021-09-27 00:00:00
nvd
nvd
CVE-2021-37937
2023-11-22 02:15:42
cve
cve
CVE-2021-37937
2023-11-22 02:15:42
ubuntucve
ubuntucve
CVE-2021-37937
2023-11-22 00:00:00

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.3%

JSON
Related for PRION:CVE-2021-37937
osv1cvelist1openvas1nvd1cve1ubuntucve1