Lucene search
+L

131 matches found

Veracode
Veracode
added 2024/03/29 10:11 a.m.13 views

Improper Authorization

org.elasticsearch:elasticsearch is vulnerable to Improper Authorization. The vulnerability is due to the improper validation of API key permissions, allowing a malicious user with a valid API key for a remote cluster configured with new Remote Cluster Security to read arbitrary documents from any...

6.5CVSS6.5AI score0.00435EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/03/28 8:50 p.m.43 views

Important: Red Hat Security Advisory: ACS 4.4 enhancement and security update

Important: Updated images are now available for Red Hat Advanced Cluster Security. Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities...

9.1CVSS6.6AI score0.01956EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2024/03/27 7:36 p.m.74 views

CVE-2024-23451

An incorrect authorization flaw was found in the API key based security model for Remote Cluster Security in the elasticsearch package. A malicious user with a valid API key can leverage this issue to gain access to read any documents from any index in the remote cluster, exposing possible...

4.4CVSS7AI score0.00435EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/27 6:32 p.m.33 views

Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS7.1AI score0.00435EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/27 6:32 p.m.31 views

GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS5.7AI score0.00435EPSS
Exploits0References3
NVD
NVD
added 2024/03/27 6:15 p.m.34 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS5.2AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2024/03/27 6:15 p.m.15 views

UBUNTU-CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS7.4AI score0.00435EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 6:3 p.m.11 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS7AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2024/03/27 6:3 p.m.343 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

6.5CVSS4.7AI score0.00435EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/27 6:3 p.m.42 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS5.1AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2024/03/27 6:3 p.m.11 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS6.3AI score0.00435EPSS
Exploits0References4
Elastic
Elastic
added 2024/03/27 4:53 p.m.10 views

Elasticsearch 8.13.0 Security Update (ESA-2024-07)

Elasticsearch Improper Authorization in the Remote Cluster Security API key based security model ESA-2024-07 It was identified by the Elastic engineering team that the API key based security model for Remote Cluster Security, which is currently in Beta, is affected by an improper authorization...

6.5CVSS6.9AI score0.00435EPSS
Exploits0
Veracode
Veracode
added 2024/03/22 4:57 a.m.12 views

Missing Encryption Of Sensitive Data

Cilium is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to missing encryption in IPsec-eligible traffic between a node's Envoy proxy/DNS proxy and pods on other nodes, when traffic matches Layer 7 policies. This issue can expose sensitive data as it travels between...

6.1CVSS6.8AI score0.00271EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/27 8:27 a.m.7 views

CVE-2023-50379 Apache Ambari: authenticated users could perform command injection to perform RCE

Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host...

8.8CVSS6AI score0.01064EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.7 views

PT-2024-2594 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 8.10.0 through 8.12.x Description: The issue is related to an Incorrect Authorization problem in the API key based security model for Remote Cluster Security, which is currently in Beta. This allows a malicious user wit...

6.5CVSS7.8AI score0.00435EPSS
Exploits0References16
NVD
NVD
added 2023/12/12 10:15 a.m.35 views

CVE-2023-4958

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

6.1CVSS0.00533EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/12/12 10:15 a.m.1 views

CVE-2023-4958

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

6.1CVSS6.3AI score0.00533EPSS
Exploits0References4
Prion
Prion
added 2023/12/12 10:15 a.m.17 views

Design/Logic Flaw

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

5.8CVSS7.1AI score0.00533EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/12/12 10:2 a.m.85 views

CVE-2023-4958

CVE-2023-4958 affects Red Hat Advanced Cluster Security (RHACS). The vulnerability is that some security-related HTTP headers are missing in RHACS web UI, enabling a clickjacking-style attack where an attacker entices a valid RHACS user to visit a malicious page that redirects to RHACS endpoints,...

6.1CVSS6.4AI score0.00533EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/12/12 10:2 a.m.30 views

CVE-2023-4958 Stackrox: missing http security headers allows for clickjacking in web ui

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

6.1CVSS6.4AI score0.00533EPSS
Exploits0References7
Rows per page
Query Builder