CVE-2022-23708

CVSS v3.1 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (24^th)

Affected Products 1

Advisories 1

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls
CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Elastic
Published Date: 2022-03-03 22:15:08
(2 years ago)
Updated Date: 2023-07-03 20:34:44
(14 months ago)

Affected Products

Elastic

Elasticsearch

Configuration #1

		CPE23	From	Up To
	Elasticsearch from 7.16.0 version and prior 7.17.1 version	cpe:2.3:a:elastic:elasticsearch	>= 7.16.0	< 7.17.1