Information disclosure in Elasticsearch
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-23451 |
| CWE-ID | CWE-285 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Elasticsearch Web applications / Other software |
| Vendor | Elastic Stack |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authorization
EUVDB-ID: #VU91267
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23451
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper authorization within the API key based security model for Remote Cluster Security. A remote user with a valid API key for a remote cluster configured to use new Remote Cluster Security can read arbitrary documents from any index on the remote cluster, if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID.
Install updates from vendor's website.
Vulnerable software versionsElasticsearch: 8.10.0 - 8.12.2
CPE2.3- cpe:2.3:a:elastic_stack:elasticsearch:8.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:elasticsearch:8.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:elasticsearch:8.11.4:*:*:*:*:*:*:*
http://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
