PT-2021-14872 · Elastic · App Search

Published: 2021-09-15 · Updated: 2021-10-18 · CVE-2021-22148

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Elastic Enterprise Search App Search versions prior to 7.14.0
Description: The issue allows less privileged users to gain access to unauthorized engines due to API keys not being bound to the same engines as their creator. This could lead to unauthorized access.
Recommendations: For versions prior to 7.14.0, update to version 7.14.0 or later to resolve the issue.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-22148

Affected Products

App Search