CVE-2024-23444

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Jul 31, 2024
Updated: Aug 1, 2024
CWE ID 311

Summary

CVE-2024-23444 is a vulnerability in Elasticsearch's elasticsearch-certutil CLI tool. When the csr option is used to create a new Certificate Signing Request (CSR), the tool generates the private key and writes it to disk unencrypted, even when the --pass parameter is supplied to protect the key with a passphrase. This poses a significant risk: an unencrypted private key on disk can be read by any unauthorized user with access to the file, potentially leading to data breaches or other malicious activity. Elastic engineering discovered and disclosed this vulnerability. Users are advised to upgrade to the latest version of Elasticsearch and to avoid hardcoded or easily guessable passphrases for private keys.
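As an added defender's check, not code from Elastic or from elasticsearch-certutil: after running the csr command with --pass on an affected version, inspect the key files it wrote and confirm they are actually encrypted before distributing them. The PEM samples below are constructed placeholders, and the file layout under the scanned directory is an assumption.

```python
import sys
import re
from pathlib import Path

# One PEM block; the captured label is reused to locate the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\n(?P<body>.*?)-----END (?P=label)-----", re.DOTALL)

def classify_private_keys(pem_text: str) -> list[tuple[str, bool]]:
    """Return (label, encrypted) for each private-key block; certs/CSRs are skipped.

    PKCS#8 encryption shows as the label "ENCRYPTED PRIVATE KEY"; legacy OpenSSL
    keys ("RSA/EC PRIVATE KEY") carry a "Proc-Type: 4,ENCRYPTED" header instead.
    """
    found = []
    for m in PEM_BLOCK.finditer(pem_text):
        label = m.group("label")
        if "PRIVATE KEY" not in label:
            continue
        encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in m.group("body")
        found.append((label, encrypted))
    return found

def unencrypted_key_files(files: dict[str, str]) -> list[str]:
    """Given {path: pem_text}, return the paths holding an unencrypted private key."""
    return sorted(p for p, t in files.items()
                  if any(not enc for _, enc in classify_private_keys(t)))

def scan_directory(directory: str) -> list[str]:
    """Audit every .pem/.key file under `directory` (assumed: unpacked certutil output)."""
    files = {str(p): p.read_text(errors="replace") for p in Path(directory).rglob("*")
             if p.is_file() and p.suffix.lower() in {".pem", ".key"}}
    return unencrypted_key_files(files)

# Constructed sample inputs with placeholder base64, not real key material.
PLAINTEXT_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADAN...\n-----END PRIVATE KEY-----\n"
ENCRYPTED_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHDBOBgkq...\n"
                   "-----END ENCRYPTED PRIVATE KEY-----\n")
ENCRYPTED_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    "MIIEpAIBAAKC...\n-----END RSA PRIVATE KEY-----\n")
CSR_ONLY = "-----BEGIN CERTIFICATE REQUEST-----\nMIICvDCCAaQC...\n-----END CERTIFICATE REQUEST-----\n"
SAMPLE_FILES = {"node1/node1.key": PLAINTEXT_PKCS8, "node1/node1.csr": CSR_ONLY,
                "node2/node2.key": ENCRYPTED_PKCS8, "node3/node3.key": ENCRYPTED_LEGACY}

if __name__ == "__main__":
    hits = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else unencrypted_key_files(SAMPLE_FILES)
    for path in hits:
        print(f"UNENCRYPTED PRIVATE KEY: {path}")
```

Run it with no arguments to see the constructed sample flagged, or pass the directory the certutil zip was unpacked into.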
