CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*

History

03 Jul 2023, 20:34

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-Other

Information

Published : 2022-03-03 22:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-23708

Mitre link : CVE-2022-23708

CVE.ORG link : CVE-2022-23708


JSON object : View

Products Affected

elastic

  • elasticsearch
CWE
NVD-CWE-Other CWE-264

Permissions, Privileges, and Access Controls