CVE-2024-52980

State: PUBLISHED · Published: 2025-04-08 · Updated: 2025-04-08 · Assigner: elastic

Description

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.

CWE

CWE-400 — CWE-400 Uncontrolled Resource Consumption

Affected

Elastic / Elasticsearch — v=7.17.0 ≤8.15.0 [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919

Source

cvelistV5-main/cves/2024/52xxx/CVE-2024-52980.json