CVE-2022-23709

Source
https://cve.org/CVERecord?id=CVE-2022-23709
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23709.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23709
Published
2022-03-03T21:50:17Z
Modified
2026-07-09T06:37:14.876305Z
Summary
[none]
Details

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23709.json",
    "cna_assigner": "elastic",
    "cwe_ids": [
        "CWE-264"
    ]
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:8.0.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "7.7.0"
        },
        {
            "fixed": "7.17.1"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

8.*
8.0.0

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "236836815310709596383608286106644790881",
                "196381633559554339088896249561089112903",
                "146873537089190934299820367594122268218",
                "334357347513489300173246355664845051067"
            ]
        },
        "target": {
            "file": "x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java"
        },
        "id": "CVE-2022-23709-46868c56",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "165482351688345707173695098433441287823",
            "length": 1319.0
        },
        "target": {
            "function": "monitoringExporterGroupedSetting",
            "file": "x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java"
        },
        "id": "CVE-2022-23709-5d0e65b7",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "81242662974819149104372912973832414697",
            "length": 1971.0
        },
        "target": {
            "function": "deprecatedAffixGroupedSetting",
            "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java"
        },
        "id": "CVE-2022-23709-6a9a5cc6",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "142965958877837107677794816119383469250",
                "16841893402362179998478465353024513221",
                "206022478088870697769046647787008760564",
                "216095244516550820119455808353224037846",
                "46142714263656663437914612207197745209",
                "15088390182960363056546331595655444257",
                "234182045088025048292414092125412433047",
                "255272807197668761160103392865329307400",
                "117362707116158116788652207123491886620",
                "292421547288413531568142709484731301692",
                "304976113980423471330374207259607813425"
            ]
        },
        "target": {
            "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java"
        },
        "id": "CVE-2022-23709-7138c559",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "1789796353482668074025554634844605557",
            "length": 1194.0
        },
        "target": {
            "function": "deprecatedAffixSetting",
            "file": "x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java"
        },
        "id": "CVE-2022-23709-7b0c41ec",
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/elastic/elasticsearch/commit/e5acb99f822233d62d6444ce45a4543dc1c8059a",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23709.json"
vanir_signatures_modified
"2026-07-09T06:37:14Z"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:8.0.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "7.7.0"
        },
        {
            "fixed": "7.17.1"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

8.*
8.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23709.json"