5 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...
CVE-2023-31417
creationtimestamp| type| source ---|---|--- 2023-10-26 22:16:05+00:00| seen| https://t.me/cibsecurity/72998...
ai.ylyue:yue-library-data-es (>=j11.2.6.0 <=j11.2.6.2), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=5.3.0 <=5.7.9) +513 more potentially affected by CVE-2023-31417 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.17.12)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =j11.2.6.0, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.6.5, =1.0, =1.0.4.R, =2.1.0.M8, =2.2.0.M7 and more Source cves: CVE-2023-31417 Source advisory: OSV:GHSA-99PC-69Q9-JXF2...
CVE-2023-31417
CVE-2023-31417 affects Elasticsearch where the existing audit-filtering logic fails to mask sensitive data when clients use deprecated API URIs. The consequence is that passwords and tokens could be printed in cleartext in Elasticsearch audit logs. The description notes that audit logging is disa...
CVE-2023-31417
A flaw was found in the Elasticsearch package. Elasticsearch filters out sensitive information and credentials before logging into the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. As a result, sensitive informatio...