GCVE - cpe:2.3:a:elastic:elastic_enterprise_search:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:elastic:elastic_enterprise_search:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Elastic (`1d0b8d2a-fd47-5b20-b005-34326f9bd037`)
Product	Elastic Enterprise Search (`421551bd-9380-5efc-8323-9ce5193f59e3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-22149`	vulnerable	2026-06-03 14:43:52.269065	Details available Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. Published: 2021-09-15T11:44:31.000Z Updated: 2024-08-03T18:37:17.257Z Open on db.gcve.eu Reference links https://www.elastic.co/community/security/ https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22148`	vulnerable	2026-06-03 14:43:52.268092	Details available Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. Published: 2021-09-15T11:49:35.000Z Updated: 2024-08-03T18:37:16.710Z Open on db.gcve.eu Reference links https://www.elastic.co/community/security/ https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-7018`	vulnerable	2026-06-03 14:43:05.092988	Details available Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator. Published: 2020-08-18T16:40:14.000Z Updated: 2024-08-04T09:18:02.921Z Open on db.gcve.eu Reference links https://discuss.elastic.co/t/enterprise-search-7-9-0-security-update/245457	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.