Описание
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
A flaw was found in Elasticsearch. An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. This flaw allows a user who can submit arbitrary queries to Elasticsearch to create a malicious Grok query that crashes the Elasticsearch node. The highest threat from this vulnerability is to system availability.
Отчет
OpenShift Container Platform (OCP) includes an affected version of Elasticsearch in logging-elasticsearch containers. However, Grok is not bundled by Red Hat in the shipped version of Elasticsearch and hence OCP is not affected by this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-grafana | Out of support scope | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | ||
| Red Hat Decision Manager 7 | elasticsearch | Will not fix | ||
| Red Hat Fuse 7 | elasticsearch | Not affected | ||
| Red Hat Integration Camel K 1 | elasticsearch | Not affected | ||
| Red Hat JBoss Data Grid 6 | elasticsearch | Out of support scope | ||
| Red Hat JBoss Fuse 6 | elasticsearch | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | elasticsearch | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...
EPSS
6.5 Medium
CVSS3