Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and...

6.5CVSS6.4AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2024/03/27 6:32 p.m.30 views

GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS5.7AI score0.00435EPSS
Exploits0References3
NVD
NVD
added 2024/03/27 6:15 p.m.29 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/27 6:3 p.m.11 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

4.4CVSS7AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2024/03/27 6:3 p.m.341 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

6.5CVSS4.7AI score0.00435EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder