Vulnerability identifier: #VU91267
Vulnerability risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Elasticsearch
Web applications /
Other software
Vendor: Elastic Stack
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper authorization within the API key based security model for Remote Cluster Security. A remote user with a valid API key for a remote cluster configured to use new Remote Cluster Security can read arbitrary documents from any index on the remote cluster, if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Elasticsearch: 8.10.0 - 8.12.2
External links
http://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.