Description: "Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges." See: https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.6.html#breaking_76_security_changes
@maintainer(s), please clean up
CVE-2020-7009 (https://nvd.nist.gov/vuln/detail/CVE-2020-7009): Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58080c6edd1436ab951954c977c702b4c597f452

commit 58080c6edd1436ab951954c977c702b4c597f452
Author:     Ferenc Erki <erkiferenc@gmail.com>
AuthorDate: 2020-04-12 05:34:35 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-13 08:31:20 +0000

    app-misc/elasticsearch: drop vulnerable

    Bug: https://bugs.gentoo.org/715820
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Ferenc Erki <erkiferenc@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/15318
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest | 14 ----
 app-misc/elasticsearch/elasticsearch-6.7.1.ebuild | 91 -----------------------
 app-misc/elasticsearch/elasticsearch-6.8.7.ebuild | 88 ----------------------
 app-misc/elasticsearch/elasticsearch-7.2.1.ebuild | 86 ---------------------
 app-misc/elasticsearch/elasticsearch-7.3.2.ebuild | 83 ---------------------
 app-misc/elasticsearch/elasticsearch-7.4.1.ebuild | 83 ---------------------
 app-misc/elasticsearch/elasticsearch-7.5.2.ebuild | 83 ---------------------
 app-misc/elasticsearch/elasticsearch-7.6.1.ebuild | 83 ---------------------
 app-misc/elasticsearch/files/elasticsearch.init.5 | 68 -----------------
 9 files changed, 679 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89c1a7726101d3eb6ae80f67c1a8377fba8549b4

commit 89c1a7726101d3eb6ae80f67c1a8377fba8549b4
Author:     Ferenc Erki <erkiferenc@gmail.com>
AuthorDate: 2020-04-12 05:26:24 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-13 08:31:20 +0000

    app-misc/elasticsearch: bump version to 6.8.8

    Bug: https://bugs.gentoo.org/715820
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Ferenc Erki <erkiferenc@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest | 2 +
 app-misc/elasticsearch/elasticsearch-6.8.8.ebuild | 88 +++++++++++++++++++++++
 2 files changed, 90 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5899c1051510651f41c3eeed02abeec2433252e9

commit 5899c1051510651f41c3eeed02abeec2433252e9
Author:     Ferenc Erki <erkiferenc@gmail.com>
AuthorDate: 2020-04-12 05:24:58 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-13 08:31:20 +0000

    app-misc/elasticsearch: bump version to 7.6.2

    Bug: https://bugs.gentoo.org/715820
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Ferenc Erki <erkiferenc@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest | 2 +
 app-misc/elasticsearch/elasticsearch-7.6.2.ebuild | 83 +++++++++++++++++++++++
 2 files changed, 85 insertions(+)
Closing because noglsa and cleanup done.