CVE-2021-37937

Published: 22/11/2023 Updated: 30/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A security issue has been found in Elasticsearch versions from 7.13.0 up to and including 7.14.0. An issue was found with how API keys are created with the fleet-server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised fleet-server service account could escalate themselves to a super-user.

Vulnerable Product

elastic elasticsearch

Vendor Advisories

A security issue has been found in Elasticsearch versions from 7.13.0 through 7.14.0. An issue was found with how API keys are created with the fleet-server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromise ...