CVE-2023-46673 - OpenCVE

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Elastic	Elasticsearch

Configuration 1 [-]

OR	cpe:2.3:a:elastic:elasticsearch::::::::
	cpe:2.3:a:elastic:elasticsearch::::::::

References

Link	Resource
https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708	Vendor Advisory
https://www.elastic.co/community/security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: elastic

Published: 2023-11-22T09:27:10.454Z

Updated: 2023-11-22T09:27:10.454Z

Reserved: 2023-10-24T17:28:32.186Z

Link: CVE-2023-46673

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-22T10:15:08.417

Modified: 2023-11-30T20:22:45.863

Link: CVE-2023-46673

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D858CC-723F-44C8-A3EF-90563359D58F", "versionEndExcluding": "7.17.14", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACB218DA-EF68-46A0-9249-7FB7286CE35F", "versionEndExcluding": "8.10.3", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.\n"}, {"lang": "es", "value": "Se identific\u00f3 que los scripts con formato incorrecto utilizados en el procesador de scripts de una canalizaci\u00f3n de ingesta podr\u00edan provocar que un nodo de Elasticsearch fallara al llamar a la API Simulate Pipeline."}], "id": "CVE-2023-46673", "lastModified": "2023-11-30T20:22:45.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "bressers@elastic.co", "type": "Secondary"}]}, "published": "2023-11-22T10:15:08.417", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "bressers@elastic.co", "type": "Secondary"}]}