CVE-2024-23450

2024-03-2717:15:53

CWE-400

elastic

web.nvd.nist.gov

elasticsearch

ingest node

cve-2024-23450

nvd

flaw

crash

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.8

Confidence

High

EPSS

Percentile

15.5%

JSON

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Elasticsearch",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "7.17.19",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.13.0",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      }
    ]
  }
]