Lucene search
China National Vulnerability DatabaseCNVD-2022-20171HistoryMar 04, 2022 - 12:00 a.m.
Elasticsearch permission permission and access control issues vulnerability
2022-03-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
0.001 Low
EPSS
Percentile
22.7%
Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch is vulnerable to privilege permission and access control issues, which can be exploited by attackers to bypass Elasticsearch’s access restrictions via an upgrade assistant to read or change data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ElasticSearch ElasticSearch >=7.16.0, | lt | 7.17.1 |
Related
redhatcve
redhatcve
CVE-2022-23708
2022-03-21 16:34:16
prion
prion
Code injection
2022-03-03 22:15:00
cvelist
cvelist
CVE-2022-23708
2022-03-03 21:48:14
osv
osv
CVE-2022-23708
2022-03-03 22:15:08
Elasticsearch privilege escalation
2022-03-04 00:00:15
BIT-elasticsearch-2022-23708
2024-03-06 10:52:31
veracode
veracode
Privilege Escalation
2022-03-09 03:47:40
ubuntucve
ubuntucve
CVE-2022-23708
2022-03-03 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2022-02)
2022-03-04 00:00:00
github
github
Elasticsearch privilege escalation
2022-03-04 00:00:15
cve
cve
CVE-2022-23708
2022-03-03 22:15:08
nvd
nvd
CVE-2022-23708
2022-03-03 22:15:08
nessus
nessus
Kibana 7.15.0 < 7.17.1 Multiple Vulnerabilities
2023-01-11 00:00:00