Lucene search
GoogleOSV:GHSA-PGQ6-CCQJ-HPQRHistoryMar 04, 2022 - 12:00 a.m.
Elasticsearch privilege escalation
2022-03-0400:00:15
Google
osv.dev
25
0.001 Low
EPSS
Percentile
22.7%
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. Users running a cluster on an affected version that had previously been upgraded from 6.x, should upgrade to 7.17.1. Users that are planning to upgrade from 6.x should not perform an upgrade from 6.x to versions 7.16 through 7.17.0 and should use 7.17.1+ for upgrades from 6.x.
Related
redhatcve
redhatcve
CVE-2022-23708
2022-03-21 16:34:16
prion
prion
Code injection
2022-03-03 22:15:00
cvelist
cvelist
CVE-2022-23708
2022-03-03 21:48:14
osv
osv
CVE-2022-23708
2022-03-03 22:15:08
BIT-elasticsearch-2022-23708
2024-03-06 10:52:31
veracode
veracode
Privilege Escalation
2022-03-09 03:47:40
ubuntucve
ubuntucve
CVE-2022-23708
2022-03-03 00:00:00
cnvd
cnvd
Elasticsearch permission permission and access control issues vulnerability
2022-03-04 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2022-02)
2022-03-04 00:00:00
github
github
Elasticsearch privilege escalation
2022-03-04 00:00:15
cve
cve
CVE-2022-23708
2022-03-03 22:15:08
nvd
nvd
CVE-2022-23708
2022-03-03 22:15:08
nessus
nessus
Kibana 7.15.0 < 7.17.1 Multiple Vulnerabilities
2023-01-11 00:00:00