org.elasticsearch.plugin:x-pack-security@7.13.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.elasticsearch.plugin:x-pack-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Privilege Escalation (severity: M)

org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security

Affected versions of this package are vulnerable to Privilege Escalation. When the Fleet-Server service account is used to create an API key, an attacker can escalate their privileges to super-user level by exploiting improper privilege management. This is only exploitable if the attacker has compromised the Fleet-Server service account.

How to fix Privilege Escalation?

Upgrade org.elasticsearch.plugin:x-pack-security to version 7.14.1 or higher.

Vulnerable versions: [7.13.0,7.14.1)