BIT-elasticsearch-2023-46673

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2023-46673.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-elasticsearch-2023-46673

Aliases

CVE-2023-46673
GHSA-285m-vhfq-xx4h

Published

2024-03-06T10:51:39.565Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Database specific

{
    "cpes": [
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
https://www.elastic.co/community/security
https://nvd.nist.gov/vuln/detail/CVE-2023-46673

Affected packages

Bitnami / elasticsearch

Package

Name: elasticsearch
Purl: pkg:bitnami/elasticsearch

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.0.0

Fixed

7.17.14

Introduced

8.0.0

Fixed

8.10.3