Lucene search

[email protected]CVE-2024-23450

HistoryMar 27, 2024 - 5:15 p.m.

CVE-2024-23450

2024-03-2717:15:53

CWE-400

[email protected]

web.nvd.nist.gov

elasticsearch

ingest node

cve-2024-23450

nvd

flaw

crash

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

References

discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314

www.elastic.co/community/security

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2024-23450

cvelist1 cgr1 osv2 github1 redhatcve1 wolfi1 veracode1