CVE-2022-23712

Published: Jun 6, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

Affected (1)

Products: Elastic: Elasticsearch

Elastic

1 product

Elasticsearch

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elastic Elasticsearch	From 8.0.0 to 8.2.1

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (6)

https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530

Source: security@elastic.co

Release NotesVendor Advisory

https://security.netapp.com/advisory/ntap-20220707-0010/

Source: security@elastic.co

Third Party Advisory

https://www.elastic.co/community/security/

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://security.netapp.com/advisory/ntap-20220707-0010/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.elastic.co/community/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.