Lucene search
+L

8 matches found

Chainguard
Chainguard
added 2024/06/12 2:15 p.m.26 views

CVE-2024-23445 vulnerabilities

Vulnerabilities for packages: elasticsearch-fips, elasticsearch, sonarqube-10...

6.5CVSS6.3AI score0.00456EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/06/12 2:15 p.m.20 views

CVE-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS6.5AI score0.00456EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/12 1:58 p.m.16 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS7.3AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/12 1:58 p.m.29 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
CVE
CVE
added 2024/06/12 1:58 p.m.330 views

CVE-2024-23445

CVE-2024-23445 affects Elasticsearch remote-cluster API key security model (GA 8.14.0). The issue: a cross-cluster API key that restricts index search via query or field_security and also grants replication for the same index may not enforce search restrictions during cross-cluster search, potent...

6.5CVSS6.5AI score0.00456EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/12 1:58 p.m.19 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS6.5AI score0.00456EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/06/06 11:3 a.m.16 views

CVE-2024-23445

A flaw was found in Elasticsearch. If a cross-cluster API key restricts the search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross-cluster search...

6.5CVSS7.1AI score0.00456EPSS
Exploits0References4
Elastic
Elastic
added 2024/06/06 3:32 a.m.11 views

Elasticsearch 8.14.0 Security Update (ESA-2024-13)

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions ESA-2024-13 It was identified that if a cross-cluster API key restricts search for a given index using the query or the fieldsecurity parameter, and the same cross-cluster API key also grants replication for the...

6.5CVSS6.9AI score0.00456EPSS
Exploits0
Rows per page
Query Builder