HIGHβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-37282

CVSS 8.1v3.1pub. 2024-06-28upd. 2026-01-30

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Elastic Cloud Enterprise

    APP
    Elastic
    3.0.0 – 3.7.2 (bez)
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-37729CRITICAL9.1PL βœ“ten sam produkt

Elastic Cloud Enterprise β€” Server-Side Template Injection (SSTI) w silniku Jinjava

CVE-2025-37736HIGH8.8ten sam produkt

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...

CVE-2023-31418HIGH7.5ten sam produkt

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...

CVE-2018-3828HIGH7.5ten sam produkt

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was d...

CVE-2022-23716MEDIUM5.3ten sam produkt

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key us...

CVE-2024-37282 β€” Elastic β€” Elastic Cloud Enterprise β€” HIGH β€” CVSS 8.1 | CVEbaza.pl