Home > Vulnerability Database > CVE-2023-49921

Mend.io Vulnerability Database

CVE-2023-49921

Good to know:

Date: December 2, 2023

A flaw was found in Elasticsearch. Watcher search input is logged in the search query results when using the DEBUG log level, which could lead to excessive logging of unnecessary and unauthorized content.This affects Elasticsearch versions on or after 7.0.0 and before 7.17.16 and 8.0.0 and before 8.11.2.

Language: Java

Severity Score

5.2

Related Resources (4)

Url: https://github.com/elastic/elasticsearch/commit/5bb05c343acbf7c3110b71abc20f49c436ad96f4

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2254251

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49921

Url: https://www.mend.io/vulnerability-database/CVE-2023-49921

Severity Score

5.2

Top Fix

Upgrade Version

Upgrade to version v7.17.16,v8.11.2

Learn More

CVSS v3.1

Base Score:	5.2
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49921

Good to know:

Date: December 2, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?