Elasticsearch Security Vulnerabilities and Issues — Elasticsearch CVE List

Lucene search

ElasticElasticsearch

3 matches found

CVE•added 2024/03/27 5:15 p.m.•276 views

CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

7.5CVSS4.8AI score0.00627EPSS

CVE•added 2024/03/27 6:15 p.m.•263 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to re...

6.5CVSS4.7AI score0.00072EPSS

CVE•added 2024/03/29 12:15 p.m.•90 views

CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and

5.3CVSS4.3AI score0.00141EPSS