CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.0%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447
https://security.netapp.com/advisory/ntap-20220729-0003/
https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447
https://security.netapp.com/advisory/ntap-20220729-0003/

Products affected by CVE-2022-23708

Elastic » Elasticsearch » Version: 7.16.0

cpe:2.3:a:elastic:elasticsearch:7.16.0
Elastic » Elasticsearch » Version: 7.16.1

cpe:2.3:a:elastic:elasticsearch:7.16.1
Elastic » Elasticsearch » Version: 7.16.2

cpe:2.3:a:elastic:elasticsearch:7.16.2
Elastic » Elasticsearch » Version: 7.16.3

cpe:2.3:a:elastic:elasticsearch:7.16.3
Elastic » Elasticsearch » Version: 7.17.0

cpe:2.3:a:elastic:elasticsearch:7.17.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23708

Products

Pricing

Contact Us