Vulnerabilities > Elastic > Elasticsearch > 7.5.2

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
high complexity
elastic CWE-269
3.1
3.1
2020-08-18 CVE-2020-7019 Improper Privilege Management vulnerability in Elastic Elasticsearch
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security.
network
low complexity
elastic CWE-269
6.5
6.5
2020-06-03 CVE-2020-7014 Improper Privilege Management vulnerability in Elastic Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete.
network
low complexity
elastic CWE-269
8.8
8.8
2020-03-31 CVE-2020-7009 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys.
network
low complexity
elastic CWE-269
8.8
8.8