CVE-2022-23708
CVSS v3.1
4.3 (Medium)
CVSS v2.0
4 (Medium)
EPSS
0.05 % (24th)
Affected Products
1
Advisories
1
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CWE-NVD-Other
- CVE Status
- PUBLISHED
- CNA
- Elastic
- Published Date
-
2022-03-03 22:15:08
(2 years ago) - Updated Date
-
2023-07-03 20:34:44
(14 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...