Main Vulnerability Database SB2024060702

SB2024060702 - Information disclosure in Elasticsearch

Published: June 7, 2024

Security Bulletin ID SB2024060702

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization (CVE-ID: CVE-2024-23451)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper authorization within the API key based security model for Remote Cluster Security. A remote user with a valid API key for a remote cluster configured to use new Remote Cluster Security can read arbitrary documents from any index on the remote cluster, if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID.

Remediation

Install update from vendor's website.

References

https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315