Script Processor Vulnerability in Elasticsearch by Elastic
CVE-2023-46673
7.5HIGH
Summary
A vulnerability has been identified in the script processor of the Ingest Pipeline in Elasticsearch, where malformed scripts can cause an Elasticsearch node to crash while executing the Simulate Pipeline API. This situation may result in service disruptions, underscoring the importance of ensuring script integrity before use.
Affected Version(s)
Elasticsearch 7.0.0 < 7.17.14
Elasticsearch 8.0.0 < 8.10.3
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved