7.17.21

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-31	CVE-2024-23444	Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation. network low complexity elastic CWE-311	7.5