-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability description indicates a logic flaw in how Elasticsearch handles cross-cluster API key permissions when both search restrictions (query/field_security) and replication privileges are granted on the same index. However, the provided information lacks specific code references, commit diffs, or implementation details that would allow precise identification of vulnerable functions. The issue appears to stem from an architectural limitation in permission evaluation logic rather than a specific function, and the security advisory explicitly states this was a GA feature in 8.14.0 (previously beta). Without access to Elasticsearch's internal authorization implementation or patch details, we cannot confidently map this vulnerability to specific functions with high certainty.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.elasticsearch:elasticsearch | maven | > 8.10.0, < 8.14.0 | 8.14.0 |
JavaJavaOngoing coverage of React2Shell