Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
https://www.elastic.co/community/security/
https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344