exploitDog

GHSA-r8gr-36v8-m732

Опубликовано: 17 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 2.3

CVSS3: 4.2

Описание

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

Ссылки

EPSS

Процентиль: 11%

0.00037

Низкий

2.3 Low

CVSS4

4.2 Medium

CVSS3

CVE ID

Дефекты

CWE-295

Связанные уязвимости

CVE-2025-35434

CVSS3: 4.2

nvd

5 месяцев назад

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

EPSS

Процентиль: 11%

0.00037

Низкий

2.3 Low

CVSS4

4.2 Medium

CVSS3

CVE ID

Дефекты

CWE-295