CVE-2020-7009
privilege escalation vulnerability in elasticsearch (Maven)
What is CVE-2020-7009 About?
This privilege escalation vulnerability in Elasticsearch allows attackers to elevate API key privileges. An attacker who can generate an API key can exploit this to gain higher access levels. Its exploitation requires a specific sequence of steps but is achievable for an authenticated attacker.
Affected Software
- org.elasticsearch:elasticsearch
  - >=7.0.0, <7.6.2
  - >=6.7.0, <6.8.8
Technical Details
Elasticsearch versions 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw. An attacker who already possesses the ability to create API keys can exploit this. The vulnerability specifically arises from a sequence of actions that, when performed in a particular order, allow the attacker to create an API key with privileges exceeding those initially granted to the attacker. This bypasses intended access controls and effectively escalates their permissions within the Elasticsearch environment.
What is the Impact of CVE-2020-7009?
Successful exploitation may allow attackers to gain elevated privileges, leading to unauthorized access to sensitive data, modification of system configurations, or complete control over the Elasticsearch instance.
What is the Exploitability of CVE-2020-7009?
Exploitation of this vulnerability is of moderate complexity. It requires an attacker to already have the ability to create API keys, implying some level of initial access and authentication. Therefore, privileged access is a prerequisite. The exploitation process involves a specific sequence of API calls or actions rather than a simple direct attack. This is a remote vulnerability, as API key creation and manipulation can be done over the network. The lack of proper privilege checks during the API key generation process is a critical risk factor, increasing the likelihood of successful exploitation by an attacker with existing API key creation rights.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-7009?
Available Upgrade Options
- org.elasticsearch:elasticsearch
  - >=6.7.0, <6.8.8 → Upgrade to 6.8.8
- org.elasticsearch:elasticsearch
  - >=7.0.0, <7.6.2 → Upgrade to 7.6.2
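To check a build against these ranges, the following added example (not code from the advisory or from Elastic) scans `mvn dependency:list` output for the `org.elasticsearch:elasticsearch` artifact and reports the fix version listed on this page. The sample output and the function name are constructed for illustration, and treating a pre-release build of a fixed version as affected is a conservative assumption.

```python
import re

# Affected ranges and their fixed versions, as listed on this page.
AFFECTED = [
    ((6, 7, 0), (6, 8, 8)),  # >=6.7.0, <6.8.8 -> upgrade to 6.8.8
    ((7, 0, 0), (7, 6, 2)),  # >=7.0.0, <7.6.2 -> upgrade to 7.6.2
]

# Coordinates as printed by `mvn dependency:list`:
#   groupId:artifactId:type:version:scope
# The colon directly after "elasticsearch" keeps sibling artifacts such as
# elasticsearch-core from matching.
COORD = re.compile(
    r"(?<![\w.-])org\.elasticsearch:elasticsearch:jar:"
    r"(\d+)\.(\d+)\.(\d+)(-[\w.]+)?:"
)

def find_affected(dependency_list_text):
    """Return [(found_version, fixed_version)] for affected entries."""
    findings = []
    for m in COORD.finditer(dependency_list_text):
        version = tuple(int(part) for part in m.group(1, 2, 3))
        qualifier = m.group(4) or ""
        for low, fixed in AFFECTED:
            # Assumption: a qualified build of the fix (e.g. -SNAPSHOT)
            # sorts before the release, so it is reported as affected.
            prerelease_of_fix = version == fixed and qualifier != ""
            if low <= version < fixed or prerelease_of_fix:
                found = ".".join(map(str, version)) + qualifier
                findings.append((found, ".".join(map(str, fixed))))
    return findings

# Constructed sample of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.elasticsearch:elasticsearch:jar:7.5.1:compile
[INFO]    org.elasticsearch:elasticsearch-core:jar:7.5.1:compile
[INFO]    org.elasticsearch:elasticsearch:jar:6.8.8:compile
[INFO]    org.elasticsearch:elasticsearch:jar:6.6.2:test
[INFO]    org.elasticsearch:elasticsearch:jar:7.6.2-SNAPSHOT:compile
"""

if __name__ == "__main__":
    for found, fixed in find_affected(SAMPLE):
        print(f"elasticsearch {found} is in an affected range; upgrade to {fixed}")
```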
Additional Resources
- https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920
- https://osv.dev/vulnerability/GHSA-gfv5-grx2-9jw2
- https://security.netapp.com/advisory/ntap-20200403-0004
- https://github.com/elastic/elasticsearch
- https://www.elastic.co/community/security
- https://nvd.nist.gov/vuln/detail/CVE-2020-7009
What are Similar Vulnerabilities to CVE-2020-7009?
Similar Vulnerabilities: CVE-2023-38827, CVE-2022-23746, CVE-2021-41913, CVE-2020-14022, CVE-2019-10657
