CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37282
https://notcve.org/view.php?id=CVE-2024-37282
28 Jun 2024 — It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated privileges. • https://discuss.elastic.co/t/elastic-cloud-enterprise-3-7-2-security-update-esa-2024-18/362181 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31418 – Elasticsearch uncontrolled resource consumption
https://notcve.org/view.php?id=CVE-2023-31418
26 Oct 2023 — An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. Se identificó un problema con la forma en que Elasticsearch manejó las solicitudes entrantes en la capa HTTP. Un usuario no a... • https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 • CWE-400: Uncontrolled Resource Consumption •