CVE-2023-46673 Vulnerability Details

  /     /     /  

CVE-2023-46673 Metadata Quick Info

CVE Published: 22/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: elastic | Vendor: Elastic | Product: Elasticsearch
Status : PUBLISHED

---

CVE-2023-46673 Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-755
CWE Name: CWE-755 Improper Handling of Exceptional Conditions
Source: Elastic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).