CVE-2024-37282
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Elastic Cloud Enterprise | 3.0.0 < 3.7.2 | affected |
Weaknesses
- CWE-285: CWE-285
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.