CVE-2020-7014 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-7014 Interim 1 11 2025-02-17T01:37:44Z current 2021-05-30T14:37:22Z 2025-02-17T01:37:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-7014 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 elasticsearch elasticsearch as a component of HPE Helion OpenStack 8 elasticsearch as a component of HPE Helion OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 7 elasticsearch as a component of SUSE OpenStack Cloud 8 elasticsearch as a component of SUSE OpenStack Cloud 9 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 8 elasticsearch as a component of SUSE OpenStack Cloud Crowbar 9 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. CVE-2020-7014 HPE Helion OpenStack 8:elasticsearch HPE Helion OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 7:elasticsearch SUSE OpenStack Cloud 8:elasticsearch SUSE OpenStack Cloud 9:elasticsearch SUSE OpenStack Cloud Crowbar 8:elasticsearch SUSE OpenStack Cloud Crowbar 9:elasticsearch important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H