Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.26 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch sensitive information disclosure vulnerabilitiy( CVE-2024-23451)

Summary Potential Elastic Elasticsearch sensitive information disclosure vulnerabilitiy CVE-2024-23451 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23451...

6.5CVSS8.4AI score0.00435EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2024/03/27 6:32 p.m.4 views

com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (>=1.2.0 <=1.4.0) +10 more potentially affected by CVE-2024-23451 via org.elasticsearch:elasticsearch (>=8.10.0 <=8.12.2)

org.elasticsearch:elasticsearch MAVEN version =8.10.0, =1.2.0, =0.83.0, =7.23.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0, =8.10.0, =8.10.4, =8.12.2 Source cves: CVE-2024-23451 Source advisory: OSV:GHSA-R3HX-QFH5-R9M7...

6.5CVSS6.2AI score0.00435EPSS
Exploits0
NVD
NVD
added 2024/03/27 6:15 p.m.34 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS5.2AI score0.00435EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/03/27 6:15 p.m.30 views

CVE-2024-23451 vulnerabilities

Vulnerabilities for packages: elasticsearch...

6.5CVSS4.9AI score0.00435EPSS
Exploits0
OSV
OSV
added 2024/03/27 6:3 p.m.11 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS6.3AI score0.00435EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/27 6:3 p.m.11 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS7AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2024/03/27 6:3 p.m.343 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

6.5CVSS4.7AI score0.00435EPSS
Exploits0References1Affected Software1
Elastic
Elastic
added 2024/03/27 4:53 p.m.10 views

Elasticsearch 8.13.0 Security Update (ESA-2024-07)

Elasticsearch Improper Authorization in the Remote Cluster Security API key based security model ESA-2024-07 It was identified by the Elastic engineering team that the API key based security model for Remote Cluster Security, which is currently in Beta, is affected by an improper authorization...

6.5CVSS6.9AI score0.00435EPSS
Exploits0
Rows per page
Query Builder