9 matches found
ROOT-APP-MAVEN-CVE-2025-37731 CVE-2025-37731 in io.root.org.elasticsearch:elasticsearch - Patched by Root
Root has patched CVE-2025-37731 in the io.root.org.elasticsearch:elasticsearch package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Vulnerability in Elasticsearch PKI realm affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Elasticsearch PKI realm has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
org.elasticsearch.test:framework (>=9.2.0 <=9.2.1), org.elasticsearch.test:yaml-rest-runner (>=9.2.0 <=9.2.1) +1 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=9.2.0 <=9.2.1)
org.elasticsearch:elasticsearch MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.1 - pl.allegro.tech.elasticsearch.plugin:elasticsearch-analysis-morfologik =9.2.1 Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.110.0), org.elasticsearch.test:framework (>=9.0.0 <=9.1.10) +3 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=9.0.0-beta1 <=9.1.7)
org.elasticsearch:elasticsearch MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =1.7.es904.0, =9.0.0, =9.1.5 Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
org.elasticsearch.plugin:transport-netty4 (>=9.2.0 <=9.2.1), org.elasticsearch.plugin:x-pack-core (>=9.2.0 <=9.2.1) +3 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.2.0 <=9.2.1)
org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.1 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...
com.aconex.scrutineer:scrutineer (=7.9.3), com.playtika.testcontainers:embedded-elasticsearch (>=2.0.0 <=2.0.11) +15 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=7.8.1 <=8.19.7)
org.elasticsearch:elasticsearch-ssl-config MAVEN version =7.8.1, =2.0.0, =0.2.7.1, =0.83.0, =7.9.01, =7.8.1, =1.5.0, =7.8.1, =7.8.1, =7.8.1, =8.10.0, =7.8.1, =8.10.0, =8.0.0, =8.19.16 and more Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...
com.aconex.scrutineer:scrutineer (=7.9.3), org.elasticsearch.client:x-pack-transport (>=7.8.1 <=7.9.3) potentially affected by CVE-2025-37731 via org.elasticsearch.plugin:x-pack-core (>=7.8.1 <=7.9.3)
org.elasticsearch.plugin:x-pack-core MAVEN version =7.8.1, =7.8.1, =7.9.3 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCHPLUGIN-14417581...
Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-27)
Elasticsearch Improper Authentication ESA-2025-27 Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate...