CVE-2023-46673
Published 2023-11-22
Priority: P3 · 39 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.84% (53.3th percentile)
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 7.0.0 < 7.17.14 | 7.17.14 |
| elastic | elasticsearch | >= 8.0.0 < 8.10.3 | 8.10.3 |
CVSS provenance
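| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 6.5 | MEDIUM | |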
OSV
Elasticsearch Improper Handling of Exceptional Conditions
osv·2023-11-22
CVE-2023-46673 [MEDIUM] Elasticsearch Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
OSV
CVE-2023-46673: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling th
osv·2023-11-22·CVSS 7.5
CVE-2023-46673 [HIGH]
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
GHSA
Elasticsearch Improper Handling of Exceptional Conditions
ghsa·2023-11-22
CVE-2023-46673 [MEDIUM] CWE-755 Elasticsearch Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
Red Hat
elasticsearch: Improper Handling of Exceptional Conditions
vendor_redhat·2023-11-22·CVSS 6.5
CVE-2023-46673 [MEDIUM] CWE-755 elasticsearch: Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
Statement: Red Hat rates this as a moderate impact, as this issue could only be triggered if a malicious user is pre-authenticated in order to process a script via Ingest Pipeline.
Mitigation: No mitigation is yet available for this flaw.
Package: elasticsearch6-container (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: openshift-logging/elasticsearch-r
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-22
Published