8 matches found
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch sensitive information disclosure vulnerabilitiy( CVE-2024-23451)
Summary Potential Elastic Elasticsearch sensitive information disclosure vulnerabilitiy CVE-2024-23451 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23451...
com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (>=1.2.0 <=1.4.0) +10 more potentially affected by CVE-2024-23451 via org.elasticsearch:elasticsearch (>=8.10.0 <=8.12.2)
org.elasticsearch:elasticsearch MAVEN version =8.10.0, =1.2.0, =0.83.0, =7.23.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0, =8.10.0, =8.10.4, =8.12.2 Source cves: CVE-2024-23451 Source advisory: OSV:GHSA-R3HX-QFH5-R9M7...
CVE-2024-23451
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...
CVE-2024-23451 vulnerabilities
Vulnerabilities for packages: elasticsearch...
CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...
CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...
CVE-2024-23451
Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...
Elasticsearch 8.13.0 Security Update (ESA-2024-07)
Elasticsearch Improper Authorization in the Remote Cluster Security API key based security model ESA-2024-07 It was identified by the Elastic engineering team that the API key based security model for Remote Cluster Security, which is currently in Beta, is affected by an improper authorization...