CVE-2024-23451
Vulnerability from cvelistv5
Published
2024-03-27 18:03
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Elastic | Elasticsearch |
Version: 8.10.0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23451", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:31:24.956481Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:18.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:06:24.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Elasticsearch", "repo": "https://github.com/elastic/elasticsearch", "vendor": "Elastic", "versions": [ { "lessThan": "8.13.0", "status": "affected", "version": "8.10.0", "versionType": "semver" } ] } ], "datePublic": "2024-03-27T17:52:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a\u0026nbsp;malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue." } ], "value": "Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a\u00a0malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue." } ], "impacts": [ { "capecId": "CAPEC-1", "descriptions": [ { "lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T18:03:54.735Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "url": "https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315" } ], "source": { "discovery": "UNKNOWN" }, "title": "Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2024-23451", "datePublished": "2024-03-27T18:03:25.802Z", "dateReserved": "2024-01-16T21:31:26.030Z", "dateUpdated": "2024-08-01T23:06:24.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-23451\",\"sourceIdentifier\":\"bressers@elastic.co\",\"published\":\"2024-03-27T18:15:10.330\",\"lastModified\":\"2024-11-21T08:57:44.157\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a\u00a0malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de autorizaci\u00f3n incorrecta en el modelo de seguridad basado en clave API para la seguridad de cl\u00faster remoto, que actualmente se encuentra en versi\u00f3n Beta, en Elasticsearch 8.10.0 y antes de 8.13.0. Esto permite que un usuario malintencionado con una clave API v\u00e1lida para un cl\u00faster remoto configurado para usar la nueva Seguridad de cl\u00faster remoto lea documentos arbitrarios de cualquier \u00edndice en el cl\u00faster remoto, y solo si utilizan el protocolo de transporte personalizado de Elasticsearch para emitir solicitudes con el ID del \u00edndice de destino, el ID del fragmento y el ID del documento. Ninguno de los endpoints de la API REST de Elasticsearch se ve afectado por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"bressers@elastic.co\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"bressers@elastic.co\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315\",\"source\":\"bressers@elastic.co\"},{\"url\":\"https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.