fkie_cve-2024-52980
Vulnerability from fkie_nvd
Published
2025-04-08 17:15
Modified
2025-04-08 18:13
Severity ?
Summary
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.
A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\n\nA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them." }, { "lang": "es", "value": "Se descubri\u00f3 una falla en Elasticsearch. Una recursi\u00f3n extensa con la funci\u00f3n innerForbidCircularReferences de la clase PatternBank pod\u00eda provocar el bloqueo del nodo Elasticsearch. Para que el ataque tenga \u00e9xito, se requiere que un usuario malintencionado tenga asignado el privilegio read_pipeline del cl\u00faster de Elasticsearch." } ], "id": "CVE-2024-52980", "lastModified": "2025-04-08T18:13:53.347", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "bressers@elastic.co", "type": "Secondary" } ] }, "published": "2025-04-08T17:15:34.880", "references": [ { "source": "bressers@elastic.co", "url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919" } ], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "bressers@elastic.co", "type": "Secondary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…