CVE-2023-46674

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 5, 2023

Updated: Dec 12, 2023

CWE ID 502

Summary

CVE-2023-46674 is a vulnerability affecting Hadoop and Spark configurations in Elastic. It involves unsafe deserialization of java objects, allowing authenticated users to modify these properties. This issue could result in unintended code execution and potential security risks. Elastic extends their gratitude to Yakov Shafranovich from Amazon Web Services for bringing this matter to their attention.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elasticsearch

Affected Vendors

Elastic

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwVAW
https://www.cve.org/CVERecord?id=CVE-2023-46674
https://nvd.nist.gov/vuln/detail/CVE-2023-46674

Back to Vulnerability Database