
CVE-2024-52979 – Elasticsearch Uncontrolled Resource Consumption vulnerability
https://notcve.org/view.php?id=CVE-2024-52979
01 May 2025 — Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash. • https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-12539 – Elasticsearch Incorrect Authorization
https://notcve.org/view.php?id=CVE-2024-12539
17 Dec 2024 — An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. • https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091 • CWE-863: Incorrect Authorization