A flaw was discovered in the upgrade assistant of Elasticsearch 7.17.0: upgrading from version 6.x to 7.x would disable the built-in protections on the security index, allowing authenticated users with “*” index permissions to access this index.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java" }, "deprecated": false, "digest": { "line_hashes": [ "236836815310709596383608286106644790881", "196381633559554339088896249561089112903", "146873537089190934299820367594122268218", "334357347513489300173246355664845051067" ], "threshold": 0.9 }, "id": "CVE-2022-23708-46868c56", "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java", "function": "monitoringExporterGroupedSetting" }, "deprecated": false, "digest": { "length": 1319.0, "function_hash": "165482351688345707173695098433441287823" }, "id": "CVE-2022-23708-5d0e65b7", "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java", "function": "deprecatedAffixGroupedSetting" }, "deprecated": false, "digest": { "length": 1971.0, "function_hash": "81242662974819149104372912973832414697" }, "id": "CVE-2022-23708-6a9a5cc6", "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java" }, "deprecated": false, "digest": { "line_hashes": [ "142965958877837107677794816119383469250", "16841893402362179998478465353024513221", "206022478088870697769046647787008760564", "216095244516550820119455808353224037846", 
"46142714263656663437914612207197745209", "15088390182960363056546331595655444257", "234182045088025048292414092125412433047", "255272807197668761160103392865329307400", "117362707116158116788652207123491886620", "292421547288413531568142709484731301692", "304976113980423471330374207259607813425" ], "threshold": 0.9 }, "id": "CVE-2022-23708-7138c559", "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java", "function": "deprecatedAffixSetting" }, "deprecated": false, "digest": { "length": 1194.0, "function_hash": "1789796353482668074025554634844605557" }, "id": "CVE-2022-23708-7b0c41ec", "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a" } ] }