CVE-2024-52980

Опубликовано: 08 апр. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.

A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.

Ссылки

https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*

Версия от 7.17.0 (включая) до 8.15.1 (исключая)

EPSS

Процентиль: 50%

0.00268

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

CVE-2024-52980

CVSS3: 6.5

ubuntu

10 месяцев назад

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.

CVE-2024-52980

msrc

5 месяцев назад

Elasticsearch Uncontrolled Resource Consumption vulnerability

CVE-2024-52980

CVSS3: 6.5

debian

10 месяцев назад

A flaw was discovered in Elasticsearch, where a large recursion using ...

GHSA-ghfh-p92w-j4mg

CVSS3: 6.5

github

10 месяцев назад

Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function

EPSS

Процентиль: 50%

0.00268

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400