Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2022-23708

Published: 03/03/2022 Updated: 03/07/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Elastic

Vulnerability Summary

A flaw exists in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

elastic elasticsearch

Vendor Advisories

Red Hat:
A flaw was discovered in Elasticsearch 7170’s upgrade assistant, in which upgrading from version 6x to 7x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index ...

References

NVD-CWE-Otherhttps://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447https://security.netapp.com/advisory/ntap-20220729-0003/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-23708
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook