CVE-2023-46674
CVSS V2 None
CVSS V3 None
Description
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
Overview
- CVE ID
- CVE-2023-46674
- Assigner
- elastic
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-05T17:21:59.184Z
- Last Modified Date
- 2023-12-05T17:21:59.184Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://discuss.elastic.co/t/elasticsearch-hadoop-7-17-11-8-9-0-security-update-esa-2023-28/348663 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-46674 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46674 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 22:21:26 | Added to TrackCVE |