CVE-2023-31418

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616	Vendor Advisory
https://security.netapp.com/advisory/ntap-20231130-0005/
https://www.elastic.co/community/security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:elasticsearch::::::::
	cpe:2.3:a:elastic:elasticsearch::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:elastic:elastic_cloud_enterprise::::::::
	cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0:::::::*

History

30 Nov 2023, 22:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20231130-0005/ -

06 Nov 2023, 18:36

Type	Values Removed	Values Added
References	~~(MISC) https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 -~~	(MISC) https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616 - Vendor Advisory
References	~~(MISC) https://www.elastic.co/community/security -~~	(MISC) https://www.elastic.co/community/security - Vendor Advisory
First Time		Elastic Elastic elasticsearch Elastic elastic Cloud Enterprise
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0:::::::* cpe:2.3:a:elastic:elasticsearch:::::::: cpe:2.3:a:elastic:elastic_cloud_enterprise::::::::

26 Oct 2023, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-26 18:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-31418

Mitre link : CVE-2023-31418

CVE.ORG link : CVE-2023-31418

JSON object : View

Products Affected

elastic

elasticsearch
elastic_cloud_enterprise

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-31418", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-26T18:15:08.587", "references": [{"url": "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://security.netapp.com/advisory/ntap-20231130-0005/", "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild."}, {"lang": "es", "value": "Se identific\u00f3 un problema con la forma en que Elasticsearch manej\u00f3 las solicitudes entrantes en la capa HTTP. Un usuario no autenticado podr\u00eda forzar la salida de un nodo de Elasticsearch con un error OutOfMemory enviando una cantidad moderada de solicitudes HTTP con formato incorrecto. El problema fue identificado por Elastic Engineering y no tenemos indicios de que se conozca o de que est\u00e9 siendo explotado en la naturaleza."}], "lastModified": "2023-11-30T22:15:07.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7782710-73A4-4698-872E-CD9FE4362872", "versionEndIncluding": "7.17.12"}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A93493-7FF2-46D1-8855-40B7CA831C47", "versionEndIncluding": "8.8.2", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9311B386-FAD0-4DB8-A059-DAA46549F1D8", "versionEndIncluding": "2.13.3"}, {"criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20740FCD-DA43-49EF-B2E9-C85DFD13881A"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}