Vulnerability identifier: #VU91267

Vulnerability risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23451

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Elasticsearch
Web applications / Other software

Vendor: Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper authorization within the API key based security model for Remote Cluster Security. A remote user with a valid API key for a remote cluster configured to use new Remote Cluster Security can read arbitrary documents from any index on the remote cluster, if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Elasticsearch: 8.10.0 - 8.10.4, 8.12.0 - 8.12.2, 8.11.0 - 8.11.4

---

External links
http://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.