cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22148,https://securityvulnerability.io/vulnerability/CVE-2021-22148,API Key Misconfiguration in Elastic Enterprise Search App Search by Elastic,"The Elastic Enterprise Search App Search was found to have a misconfiguration related to API keys, allowing less privileged users to access unauthorized engines. The vulnerability arises from API keys not being restricted to their corresponding engines, potentially exposing sensitive data and functionality to users who should not have access. This security issue emphasizes the importance of proper access controls and configuration management in software applications.",Elastic,Elastic Enterprise Search,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-09-15T11:49:35.000Z,0
CVE-2021-22149,https://securityvulnerability.io/vulnerability/CVE-2021-22149,Authorization Bypass in Elastic Enterprise Search App Search by Elastic,"Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a vulnerability where API keys were not properly authorized via an alternate route. This flaw could allow an authenticated attacker to exploit these API keys, thereby gaining access to the privileges of higher-authority users without proper authorization. Users are urged to update to the latest version to mitigate this risk.",Elastic,Elastic Enterprise Search,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-09-15T11:44:31.000Z,0
CVE-2020-7018,https://securityvulnerability.io/vulnerability/CVE-2020-7018,Credential Exposure Flaw in Elastic Enterprise Search by Elastic,"Elastic Enterprise Search prior to version 7.9.0 has a significant vulnerability in its App Search interface allowing users assigned the 'developer' role to access sensitive administrator API credentials. This exposure could enable the developer to execute operations with the same privileges as an App Search administrator, potentially leading to unauthorized actions within the application. Proper role management and updates are crucial to mitigating this risk.",Elastic,Elastic Enterprise Search,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-08-18T16:40:14.000Z,0