CVE-2023-46673

MEDIUM6.5EPSS 0.46%

Elasticsearch Improper Handling of Exceptional Conditions

Published: 11/22/2023Modified: 4/3/2025

Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Affected packages (2)

Bitnami/elasticsearch>= 7.0.0, < 7.17.14, >= 8.0.0, < 8.10.3
Maven/org.elasticsearch:elasticsearch>= 7.0.0, < 7.17.14

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-46673
PATCHhttps://github.com/elastic/elasticsearch
WEBhttps://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
WEBhttps://www.elastic.co/community/security