CVE-2022-23712: Improper Check for Unusual or Exceptional Conditions in Elasticsearch

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.88095%
Published: 6/7/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: org.elasticsearch:elasticsearch
Ecosystem: maven
Vulnerable Versions: >= 8.0.0, < 8.2.1
First Patched Version: 8.2.1

Vulnerability Intelligence

Root Cause Analysis

The provided information describes the vulnerability (CVE-2022-23712) as an improper check for unusual or exceptional conditions in Elasticsearch, allowing an unauthenticated attacker to trigger a node shutdown via a crafted network request. However, the GitHub patch details, commit diffs, or specific code references are explicitly marked as 'Not available' in the input. Without access to the patched code or explicit documentation of the affected functions (e.g., from release notes or vulnerability reports), it is impossible to identify the exact vulnerable functions with high confidence. The vulnerability likely resides in request-handling logic or input validation for network requests, but the lack of code-level evidence prevents precise identification of the functions involved.
