CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 - Vendor Advisory () https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20220729-0003/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20220729-0003/ - Third Party Advisory

03 Jul 2023, 20:34

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-Other

Information

Published : 2022-03-03 22:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23708

Mitre link : CVE-2022-23708

CVE.ORG link : CVE-2022-23708


JSON object : View

Products Affected

elastic

  • elasticsearch
CWE
CWE-264

Permissions, Privileges, and Access Controls

NVD-CWE-Other