PT-2024-27446 · Elastic · Cloud Enterprise
Published
2024-06-28
·
Updated
2026-01-30
·
CVE-2024-37282
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
No specific software or versions are mentioned.
Description
It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that have elevated privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Enterprise