Candidate: CVE-2020-7014
PublicDate: 2020-06-03 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7014
Description:
 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch
 versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege
 escalation flaw if an attacker is able to create API keys and also
 authentication tokens. An attacker who is able to generate an API key and
 an authentication token can perform a series of steps that result in an
 authentication token being generated with elevated privileges.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_elasticsearch:
upstream_elasticsearch: needs-triage
precise/esm_elasticsearch: DNE
trusty_elasticsearch: ignored (out of standard support)
trusty/esm_elasticsearch: DNE
xenial_elasticsearch: ignored (end of standard support, was needs-triage)
bionic_elasticsearch: DNE
focal_elasticsearch: DNE
groovy_elasticsearch: DNE
hirsute_elasticsearch: DNE
impish_elasticsearch: DNE
jammy_elasticsearch: DNE
devel_elasticsearch: DNE