2 matches found
cn.linham:beecloud-service-core (=5.8.07), cn.linham:beecloud-service-openfeign (=5.8.07) +49 more potentially affected by CVE-2022-23708 via org.elasticsearch:elasticsearch (>=7.16.0 <=7.17.0)
org.elasticsearch:elasticsearch MAVEN version =7.16.0, =0.8.0, =0.8.0, =1.6.1, =1.1.14, =2.6.2, =5.1, =5.1, =7.16.0.0, =3.0.1, =0.11.2, =0.11.2, =0.11.4 and more Source cves: CVE-2022-23708 Source advisory: OSV:GHSA-PGQ6-CCQJ-HPQR...
CVE-2022-23708
Affected software: Elasticsearch 7.17.0 (upgrade assistant) in which upgrading from 6.x to 7.x disables built‑in protections on the security index. Vulnerable component: upgrade assistant handling the upgrade path from 6.x to 7.x. Root cause: misconfiguration of protections during upgrade allows ...