CVE-2023-46674
Description
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.064
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-46674 are fixed in Elastic - elasticsearch-hadoop 7.17.11 | Windows |
| Vulnerabilities CVE-2023-46674 are fixed in Elastic - elasticsearch-hadoop 8.9.0 | Windows |
| Vulnerabilities CVE-2023-46674 are fixed in Elastic - elasticsearch-hadoop for Linux 7.17.11 | Linux |
| Vulnerabilities CVE-2023-46674 are fixed in Elastic - elasticsearch-hadoop for Linux 8.9.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234