An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elasticsearch-hadoop-7-17-11-8-9-0-security-update-esa-2023-28/348663 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2023-12-05T17:21:59.184Z
Updated: 2023-12-05T17:21:59.184Z
Reserved: 2023-10-24T17:28:32.186Z
Link: CVE-2023-46674
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-05T18:15:12.380
Modified: 2023-12-12T01:40:18.040
Link: CVE-2023-46674
JSON object: View
Redhat Information
No data.
CWE