CVE-2023-46673Improper Handling of Exceptional Conditions in Elasticsearch

CWE-755Improper Handling of Exceptional Conditions6 documents5 sources
Severity
7.5HIGHNVD
CNA6.5
EPSS
0.5%
top 35.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Elasticsearch
Timeline
PublishedNov 22

Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/elasticsearch7.0.07.17.14+1
NVDelastic/elasticsearch7.0.07.17.14+1

🔴Vulnerability Details

4
OSV
Elasticsearch Improper Handling of Exceptional Conditions2023-11-22
CVEList
CVE-2023-46673: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling th2023-11-22
OSV
CVE-2023-46673: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling th2023-11-22
GHSA
Elasticsearch Improper Handling of Exceptional Conditions2023-11-22

📋Vendor Advisories

1
Red Hat
elasticsearch: Improper Handling of Exceptional Conditions2023-11-22
CVE-2023-46673 — Elastic Elasticsearch vulnerability | cvebase