CVE-2024-37282

8.1 HIGH

📋 TL;DR

This vulnerability allows an API key holding specific privileges to create new API keys with privileges higher than its own, resulting in privilege escalation. It affects Elastic Cloud Enterprise deployments where API key management is enabled. An attacker could gain unauthorized administrative access to the Elastic environment.

💻 Affected Systems

Products:
  • Elastic Cloud Enterprise
Versions: before 3.7.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments with API key functionality enabled (default configuration).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full administrative compromise of the Elastic Cloud Enterprise deployment, allowing data exfiltration, service disruption, and lateral movement within the environment.

🟠 Likely Case: Privilege escalation leading to unauthorized access to sensitive data and configuration manipulation.

🟢 If Mitigated: Limited impact with proper API key monitoring and least-privilege principles in place.

🌐 Internet-Facing: MEDIUM - Requires authenticated API access but could be exploited if API endpoints are exposed.
🏢 Internal Only: HIGH - Internal users with API key access could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires a valid API key, but exploitation consists of simple API calls.

Exploitation requires an existing API key with specific privileges to create new keys.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.7.2

Vendor Advisory: https://discuss.elastic.co/t/elastic-cloud-enterprise-3-7-2-security-update-esa-2024-18/362181

Restart Required: Yes

Instructions:

1. Backup current configuration.
2. Upgrade Elastic Cloud Enterprise to version 3.7.2.
3. Restart all ECE services.
4. Verify upgrade completion and functionality.

🔧 Temporary Workarounds

Restrict API Key Creation

all

Temporarily disable or restrict API key creation capabilities.

ece configure --api-keys-enabled=false

Audit Existing API Keys

all

Review and revoke unnecessary API keys, especially those with key creation privileges.

ece api-keys list
ece api-keys revoke <key_id>

🧯 If You Can't Patch

  • Implement strict API key monitoring and alerting for unusual key creation patterns.
  • Apply network segmentation to restrict API access to trusted sources only.

🔍 How to Verify

Check if Vulnerable:

Check current ECE version: ece version | grep -i version

Check Version:

ece version

Verify Fix Applied:

Verify version is 3.7.2 or higher: ece version

📡 Detection & Monitoring

Log Indicators:

  • Unusual API key creation patterns
  • Multiple API key creation events from single source
  • API key creation with elevated privileges

Network Indicators:

  • Increased API calls to key creation endpoints
  • Unusual source IPs accessing key management APIs

SIEM Query:

source="ece-logs" AND ("api-key" AND "create") | stats count by src_ip, user
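The three log indicators above can be checked offline before a SIEM rule is written. The script below is an added example and not part of this page or of Elastic's tooling: it parses constructed JSON-lines audit events (the field names `actor`, `actor_privileges`, `key_privileges`, `src_ip` and the privilege names are assumptions, not ECE's real log schema) and flags a created key whose privileges exceed its creator's, which is the escalation pattern this CVE describes, plus bursts of key creation from one source.

```python
import json
from collections import Counter

# Constructed sample audit events. Field names and privilege names are
# assumptions for this example, not Elastic Cloud Enterprise's real schema.
SAMPLE_LOG = """\
{"event": "api-key.create", "actor": "deploy-bot", "actor_privileges": ["read", "manage_api_key"], "key_id": "k-101", "key_privileges": ["read"], "src_ip": "10.0.0.5"}
{"event": "api-key.create", "actor": "deploy-bot", "actor_privileges": ["read", "manage_api_key"], "key_id": "k-102", "key_privileges": ["read", "manage_api_key", "platform_admin"], "src_ip": "10.0.0.5"}
{"event": "api-key.create", "actor": "ci-runner", "actor_privileges": ["write"], "key_id": "k-103", "key_privileges": ["write"], "src_ip": "10.0.0.9"}
{"event": "deployment.update", "actor": "alice", "src_ip": "10.0.0.7"}
{"event": "api-key.create", "actor": "deploy-bot", "actor_privileges": ["read", "manage_api_key"], "key_id": "k-104", "key_privileges": ["read"], "src_ip": "10.0.0.5"}
"""


def parse_events(text):
    """Parse one JSON object per line; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def key_creations(events):
    """Only the API key creation events matter for this CVE's indicators."""
    return [e for e in events if e.get("event") == "api-key.create"]


def find_escalations(events):
    """Flag keys created with privileges the creating key did not itself hold."""
    findings = []
    for e in key_creations(events):
        extra = set(e.get("key_privileges", [])) - set(e.get("actor_privileges", []))
        if extra:
            findings.append((e["key_id"], e["actor"], sorted(extra)))
    return findings


def creations_by_source(events, threshold=3):
    """Source IPs responsible for at least `threshold` key creations (burst indicator)."""
    counts = Counter(e.get("src_ip") for e in key_creations(events))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key_id, actor, extra in find_escalations(evs):
        print(f"ALERT: key {key_id} created by {actor} with extra privileges {extra}")
    for ip, n in creations_by_source(evs).items():
        print(f"ALERT: {n} key creations from {ip}")
```

On the sample data this reports `k-102` (created by `deploy-bot` with the extra `platform_admin` privilege) and three creations from `10.0.0.5`; a real deployment would replace `SAMPLE_LOG` with the exported ECE audit log and adjust the field names to its schema.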
