8.16.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

elastic

CWE-863

NVD

Published: 2024-12-17

Updated: 2025-02-04

Summary

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Elasticsearch 8.16.0 Elastic Elasticsearch 8.16.1	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://discuss.elastic.co/t/elasticsearch-8-16-2-8-17-0-security-update/372091