cbcvebase.
CVE-2023-31418
published 2023-10-26

CVE-2023-31418: An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to…

PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ITW
Exploited in the wild
EPSS
1.23%
65.2th percentile
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

Affected

7 ranges
VendorProductVersion rangeFixed in
elasticelastic_cloud_enterprise<= 2.13.3
elasticelastic_cloud_enterprise
elasticelasticsearch<= 7.17.12
elasticelasticsearch
elasticelasticsearch>= 2.13.3 < 3.6.03.6.0
elasticelasticsearch>= 8.0.0 < 8.8.28.8.2
elasticelasticsearch8.0.0 – 8.8.2

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.