Vulnerability Information
Vulnerability Title
Elasticsearch privilege escalation
Vulnerability Description
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Privilege Management
Vulnerability Title
Elasticsearch security vulnerability
Vulnerability Description
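Elasticsearch is a search engine based on the Lucene library. Elasticsearch contains a security vulnerability that allows an attacker to bypass restrictions through an Elasticsearch Fleet-server service API key in order to escalate their privileges.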
CVSS Information
N/A
Vulnerability Type
N/A