CVE-2020-7014
Privilege Escalation vulnerability in elasticsearch (Maven)
What is CVE-2020-7014 About?
This vulnerability is an incomplete fix for CVE-2020-7009 in Elasticsearch versions 6.7.0-6.8.7 and 7.0.0-7.6.1, allowing privilege escalation. Attackers able to create API keys and authentication tokens can perform a series of steps to generate an authentication token with elevated privileges. Exploitation requires initial capabilities, making it moderately complex.
Affected Software
- org.elasticsearch:elasticsearch
  - >=7.0.0, <7.6.2
  - >=6.7.0, <6.8.8
Technical Details
The vulnerability exists due to an incomplete fix for a prior security issue (CVE-2020-7009). In affected Elasticsearch versions, if an attacker already possesses the ability to create API keys and authentication tokens, they can leverage these initial capabilities to perform a specific sequence of actions. This sequence of steps, which exploits a logic flaw in how Elasticsearch handles token generation and privilege assignment in certain scenarios, results in the creation of an authentication token that possesses elevated privileges beyond what the original API key or authentication token was intended to have. This effectively bypasses intended authorization controls, leading to privilege escalation.
What is the Impact of CVE-2020-7014?
Successful exploitation may allow attackers to escalate their privileges within Elasticsearch, gaining unauthorized access to sensitive operations or data that would typically be restricted.
What is the Exploitability of CVE-2020-7014?
Exploitation of this privilege escalation vulnerability requires an attacker to already have authenticated access to Elasticsearch with sufficient privileges to create both API keys and authentication tokens. The process involves a specific series of steps that manipulate the token generation mechanism. This is a remote exploitation scenario, where the attacker interacts with the Elasticsearch API. The complexity is moderate to high, as it requires understanding the specific conditions and sequence of API calls that lead to the privilege escalation. The main risk factor is an attacker already having partial access and the ability to generate tokens.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-7014?
Available Upgrade Options
- org.elasticsearch:elasticsearch
  - >=6.7.0, <6.8.8 → Upgrade to 6.8.8
- org.elasticsearch:elasticsearch
  - >=7.0.0, <7.6.2 → Upgrade to 7.6.2
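To check a build against the ranges above, the following added example (not part of the original advisory or of Elasticsearch) scans `mvn dependency:list` output for affected `org.elasticsearch:elasticsearch` versions and reports the fixed release. The function names and the sample input are constructed for illustration, and version qualifiers such as `-SNAPSHOT` are ignored by assumption.

```python
import re

# Affected ranges and fixed releases, taken from the advisory above.
AFFECTED = [
    ((6, 7, 0), (6, 8, 8)),  # >=6.7.0, <6.8.8 -> upgrade to 6.8.8
    ((7, 0, 0), (7, 6, 2)),  # >=7.0.0, <7.6.2 -> upgrade to 7.6.2
]
PACKAGE = "org.elasticsearch:elasticsearch"
# groupId:artifactId:type[:classifier]:version:scope, as printed by `mvn dependency:list`
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+(?::[\w.\-]+)?:(\d[\w.\-]*):(\w+)")

def parse_version(text):
    """Return (major, minor, patch) from the leading numeric part; qualifiers are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def fixed_release(version):
    """Return the fixed release for an affected version tuple, or None if unaffected."""
    for low, high in AFFECTED:
        if low <= version < high:
            return ".".join(map(str, high))
    return None

def audit(dependency_list):
    """Return (package, version, fix) for each affected Elasticsearch entry."""
    findings = []
    for line in dependency_list.splitlines():
        m = COORD.search(line)
        if not m or f"{m.group(1)}:{m.group(2)}" != PACKAGE:
            continue  # other artifacts, including other org.elasticsearch.* modules
        version = parse_version(m.group(3))
        fix = fixed_release(version) if version else None
        if fix:
            findings.append((PACKAGE, m.group(3), fix))
    return findings

# Constructed sample output, not taken from a real project.
SAMPLE = """\
[INFO]    org.elasticsearch:elasticsearch:jar:7.5.2:compile
[INFO]    org.elasticsearch:elasticsearch:jar:6.8.8:compile
[INFO]    org.elasticsearch:elasticsearch:jar:6.6.2:runtime
[INFO]    org.elasticsearch.client:elasticsearch-rest-client:jar:7.5.2:compile
[INFO]    org.apache.lucene:lucene-core:jar:8.3.0:compile
"""

if __name__ == "__main__":
    for name, version, fix in audit(SAMPLE):
        print(f"{name} {version} is affected by CVE-2020-7014; upgrade to {fix}")
```

The check only covers the Maven coordinate named in this advisory; a deployed cluster's version should be confirmed separately.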
What are Similar Vulnerabilities to CVE-2020-7014?
Similar Vulnerabilities: CVE-2022-23746, CVE-2023-25191, CVE-2021-38297, CVE-2020-13936, CVE-2019-14815
