A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220729-0003/ | Third Party Advisory |
https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220729-0003/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 - Vendor Advisory | |
References | () https://security.netapp.com/advisory/ntap-20220729-0003/ - Third Party Advisory |
03 Jul 2023, 20:34
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
Information
Published : 2022-03-03 22:15
Updated : 2024-11-21 06:49
NVD link : CVE-2022-23708
Mitre link : CVE-2022-23708
CVE.ORG link : CVE-2022-23708
JSON object : View
Products Affected
elastic
- elasticsearch
CWE