CVE-2023-46673 — Elasticsearch Improper Handling of Exceptional Conditions

Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

How to fix CVE-2023-46673

To remediate CVE-2023-46673, upgrade the affected package to a fixed version below.

Bitnami/elasticsearch—upgrade to 7.17.14 or later
—upgrade to 7.17.14 or later

Is CVE-2023-46673 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 7.0.0, < 7.17.14, >= 8.0.0, < 8.10.3
>= 7.0.0, < 7.17.14

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-46673
PATCHgithub.com/elastic/elasticsearch
WEBdiscuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
WEBwww.elastic.co/community/security