Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
Elastic Cloud Enterprise 安全漏洞
Vulnerability Description
Elastic Cloud Enterprise是荷兰Elastic公司的一种云平台。使在云中部署、操作和扩展 Elastic Stack 变得容易。 Elastic Cloud Enterprise 3.0.0至3.7.2版本存在安全漏洞,该漏洞源于原本具有特定权限的API密钥可以被用来创建具有更高权限的新API密钥。
CVSS Information
N/A
Vulnerability Type
N/A