Описание
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
Отчет
Red Hat rates this as a moderate impact, as this issue could only be triggered if a malicious user is pre-authenticated in order to process a script via Ingest Pipeline.
Меры по смягчению последствий
No mitigation is yet available for this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | elasticsearch6-container | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
It was identified that malformed scripts used in the script processor ...
Elasticsearch Improper Handling of Exceptional Conditions
7.5 High
CVSS3