ID de Prueba:	1.3.6.1.4.1.25623.1.0.117697
Categoría:	Privilege escalation
Título:	Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2021-25)
Resumen:	Elastic Elasticsearch is prone to a privilege escalation; vulnerability.
Descripción:	Summary: Elastic Elasticsearch is prone to a privilege escalation vulnerability. Vulnerability Insight: An issue was found with how API keys are created with the fleet-server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised fleet-server service account could escalate themselves to a super-user. Affected Software/OS: Elastic Elasticsearch version 7.13.0 through 7.14.0. Solution: Update to version 7.14.1 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-37937 https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077 https://www.elastic.co/community/security
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.