Description
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
A flaw was found in Elasticsearch. This vulnerability allows user impersonation via specially crafted client certificates signed by a legitimate, trusted Certificate Authority (CA).
Statement
This vulnerability is rated Moderate for Red Hat because it allows user impersonation in Elasticsearch PKI realm. Exploitation requires a malicious actor to possess a specially crafted client certificate signed by a legitimate, trusted Certificate Authority. This impacts Elasticsearch deployments configured with PKI authentication.
Mitigation
To reduce the risk of exploitation, ensure that the Certificate Authority (CA) used for the Elasticsearch PKI realm is highly secured and has robust controls in place to prevent the signing of unauthorized client certificates. Additionally, restrict network access to the Elasticsearch instance to only trusted clients and networks, for example, by configuring firewall rules to limit inbound connections to the Elasticsearch port.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel8 | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel9 | Affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Affected | | |
Additional information
CVSS3: 7.4 High