Lucene search

Veracode Vulnerability DatabaseVERACODE:46089

HistoryMar 29, 2024 - 10:30 a.m.

Denial Of Service (DoS)

2024-03-2910:30:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

elasticsearch

vulnerability

handling

pipelines

denial of service

software

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of Service.

CPENameOperatorVersion
serverle8.12.2
serverle7.17.18
serverle8.12.2
serverle7.17.18

Name	Operator	Version
server	le	8.12.2
server	le	7.17.18
server	le	8.12.2
server	le	7.17.18

References

discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314

github.com/advisories/GHSA-w5gg-2q56-6h4f

github.com/elastic/elasticsearch/commit/874a1dc991881ae39febabc3fd4a108a1f316f3b

github.com/elastic/elasticsearch/commit/f0ec29438209792ba5e7d1f24aa5a8bd6d908a6a

security.netapp.com/advisory/ntap-20240517-0010/

www.elastic.co/community/security

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46089