Lucene search
+L

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-20948

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00456EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/12 3:31 p.m.44 views

Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS7AI score0.00456EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/12 2:15 p.m.51 views

CVE-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/12 1:58 p.m.29 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
CVE
CVE
added 2024/06/12 1:58 p.m.330 views

CVE-2024-23445

CVE-2024-23445 affects Elasticsearch remote-cluster API key security model (GA 8.14.0). The issue: a cross-cluster API key that restricts index search via query or field_security and also grants replication for the same index may not enforce search restrictions during cross-cluster search, potent...

6.5CVSS6.5AI score0.00456EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-4672 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 8.14.0 Description: The issue is related to the implementation of the Elasticsearch search system's application programming interface, specifically with the cross-cluster API key. If a cross-cluster API key...

6.8CVSS7.7AI score0.00456EPSS
Exploits0References10
Rows per page
Query Builder