{ "id": "CVE-2022-23712", "sourceIdentifier": "bressers@elastic.co", "published": "2022-06-06T18:15:09.300", "lastModified": "2024-11-21T06:49:09.573", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request." }, { "lang": "es", "value": "Se ha detectado un fallo de Denegaci\u00f3n de Servicio en Elasticsearch. Usando esta vulnerabilidad, un atacante no autenticado podr\u00eda cerrar por la fuerza un nodo de Elasticsearch con una petici\u00f3n de red con un formato espec\u00edfico" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "bressers@elastic.co", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-754" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.2.1", "matchCriteriaId": "D68D665A-3685-4A99-A86D-22655151A6B8" } ] } ] } ], "references": [ { "url": "https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530", "source": "bressers@elastic.co", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20220707-0010/", "source": "bressers@elastic.co", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.elastic.co/community/security/", "source": "bressers@elastic.co", "tags": [ "Vendor Advisory" ] }, { "url": "https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20220707-0010/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.elastic.co/community/security/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }