Elastic: >> Elastic Cloud Enterprise >> 3.6.1 Security Vulnerabilities
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-10-13
It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-06-28