CVE-2024-23451

Name of the Vulnerable Software and Affected Versions Elasticsearch versions 8.10.0 through 8.12.x

Description The issue is related to an Incorrect Authorization problem in the API key based security model for Remote Cluster Security, which is currently in Beta. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster. The exploitation is possible only if the malicious user uses the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID, and the document ID. None of the Elasticsearch REST API endpoints are affected by this issue.

Recommendations For Elasticsearch versions 8.10.0 through 8.12.x, update to the latest Elasticsearch version immediately to resolve the issue. As a temporary workaround, consider restricting access to the Remote Cluster Security feature until the update is applied. Additionally, restrict the use of the Elasticsearch custom transport protocol to minimize the risk of exploitation.