CVE-2023-46673

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 22, 2023

Updated: Nov 30, 2023

CWE ID 755

Summary

CVE-2023-46673 is a vulnerability affecting Elasticsearch nodes. Maliciously crafted scripts used in Ingest Pipeline's script processor can result in the node crashing when interacting with the Simulate Pipeline API. This issue poses a potential risk for denial-of-service attacks, leading to disrupted services and data access. Users are advised to update their Elasticsearch installations to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elasticsearch

Affected Vendors

Elastic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwSmv
https://www.cve.org/CVERecord?id=CVE-2023-46673
https://nvd.nist.gov/vuln/detail/CVE-2023-46673

Back to Vulnerability Database