CVE-2022-23708
N/A
N/A
Summary
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | elasticsearch | Versions 7.16.0 through 7.17.0 | affected |
Weaknesses
- CWE-264: CWE-264
ADP Enrichment
CVE Program Container
Additional References
- https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447
- https://security.netapp.com/advisory/ntap-20220729-0003/
References
- https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447
- https://security.netapp.com/advisory/ntap-20220729-0003/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.