It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the `csr` option to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the `--pass` parameter is passed in the command invocation (tracked as CVE-2024-23444; the signatures below reference the fixing commit). Note that the `--pass` value is accepted without error, so the resulting key file is not protected by the expected passphrase despite the command appearing to succeed.
[
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java",
"function": "test600Interrupt"
},
"source": "https://github.com/elastic/elasticsearch/commit/61d76462eecaf09ada684d1b5d319b5ff6865a83",
"digest": {
"length": 935.0,
"function_hash": "69844453905830246677820397096534298013"
},
"id": "CVE-2024-23444-3fa86dc6"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java"
},
"source": "https://github.com/elastic/elasticsearch/commit/61d76462eecaf09ada684d1b5d319b5ff6865a83",
"digest": {
"line_hashes": [
"268439700297186282373755313812072452487",
"26797522030344409565822344236984547088",
"49674375891833826585064844018322645796",
"241861009769944274883436754269135918658",
"110241150124042836880806124194125742521",
"4974205076996931494879974579405987532"
],
"threshold": 0.9
},
"id": "CVE-2024-23444-bda6ba2f"
}
]