Candidate: CVE-2020-7009
PublicDate: 2020-03-31 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7009
 https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
 https://security.netapp.com/advisory/ntap-20200403-0004/
 https://www.elastic.co/community/security/
Description:
 Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2
 contain a privilege escalation flaw if an attacker is able to create API
 keys. An attacker who is able to generate an API key can perform a series
 of steps that result in an API key being generated with elevated
 privileges.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_elasticsearch:
upstream_elasticsearch: needs-triage
precise/esm_elasticsearch: DNE
trusty_elasticsearch: ignored (out of standard support)
trusty/esm_elasticsearch: DNE
xenial_elasticsearch: ignored (end of standard support, was needs-triage)
bionic_elasticsearch: DNE
eoan_elasticsearch: DNE
focal_elasticsearch: DNE
groovy_elasticsearch: DNE
hirsute_elasticsearch: DNE
impish_elasticsearch: DNE
jammy_elasticsearch: DNE
devel_elasticsearch: DNE