CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315	Vendor Advisory
https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*

History

04 Feb 2025, 15:00

Type	Values Removed	Values Added
References	~~() https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315 -~~	() https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315 - Vendor Advisory
First Time		Elastic elasticsearch Elastic
CPE		cpe:2.3:a:elastic:elasticsearch::::::::

21 Nov 2024, 08:57

Type	Values Removed	Values Added
References	~~() https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315 -~~	() https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315 -

27 Mar 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-27 18:15

Updated : 2025-02-04 15:00

NVD link : CVE-2024-23451

Mitre link : CVE-2024-23451

CVE.ORG link : CVE-2024-23451

JSON object : View

Products Affected

elastic

elasticsearch

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-23451", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-03-27T18:15:10.330", "references": [{"url": "https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://discuss.elastic.co/t/elasticsearch-8-13-0-security-update-esa-2024-07/356315", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a\u00a0malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue."}, {"lang": "es", "value": "Existe un problema de autorizaci\u00f3n incorrecta en el modelo de seguridad basado en clave API para la seguridad de cl\u00faster remoto, que actualmente se encuentra en versi\u00f3n Beta, en Elasticsearch 8.10.0 y antes de 8.13.0. Esto permite que un usuario malintencionado con una clave API v\u00e1lida para un cl\u00faster remoto configurado para usar la nueva Seguridad de cl\u00faster remoto lea documentos arbitrarios de cualquier \u00edndice en el cl\u00faster remoto, y solo si utilizan el protocolo de transporte personalizado de Elasticsearch para emitir solicitudes con el ID del \u00edndice de destino, el ID del fragmento y el ID del documento. Ninguno de los endpoints de la API REST de Elasticsearch se ve afectado por este problema."}], "lastModified": "2025-02-04T15:00:44.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E269B352-478B-4F77-AFB3-3316EDCADE5C", "versionEndExcluding": "8.13.0", "versionStartIncluding": "8.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}