Lucene search
PRIOn knowledge basePRION:CVE-2022-23708HistoryMar 03, 2022 - 10:15 p.m.
Code injection
2022-03-0322:15:00
PRIOn knowledge base
www.prio-n.com
8
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elasticsearch | ge | 7.16.0 | |
| elasticsearch | lt | 7.17.1 |
Related
redhatcve
redhatcve
CVE-2022-23708
2022-03-21 16:34:16
cvelist
cvelist
CVE-2022-23708
2022-03-03 21:48:14
osv
osv
CVE-2022-23708
2022-03-03 22:15:08
Elasticsearch privilege escalation
2022-03-04 00:00:15
BIT-elasticsearch-2022-23708
2024-03-06 10:52:31
veracode
veracode
Privilege Escalation
2022-03-09 03:47:40
ubuntucve
ubuntucve
CVE-2022-23708
2022-03-03 00:00:00
cnvd
cnvd
Elasticsearch permission permission and access control issues vulnerability
2022-03-04 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2022-02)
2022-03-04 00:00:00
github
github
Elasticsearch privilege escalation
2022-03-04 00:00:15
cve
cve
CVE-2022-23708
2022-03-03 22:15:08
nvd
nvd
CVE-2022-23708
2022-03-03 22:15:08
nessus
nessus
Kibana 7.15.0 < 7.17.1 Multiple Vulnerabilities
2023-01-11 00:00:00