Description
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
A flaw was found in the upgrade assistant for Elasticsearch. When upgrading from version 6.x to 7.x, the built-in protections on the security index are disabled, allowing authenticated users to access the index.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | | |
| Red Hat Decision Manager 7 | elasticsearch | Not affected | | |
| Red Hat Fuse 7 | elasticsearch | Not affected | | |
| Red Hat Integration Camel K 1 | elasticsearch | Not affected | | |
| Red Hat JBoss Data Grid 6 | elasticsearch | Out of support scope | | |
| Red Hat JBoss Fuse 6 | elasticsearch | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | elasticsearch | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 4.3 Medium