Elasticsearch Resource Denial of Service

MEDIUM (4.9) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Elasticsearch is a popular open-source search and analytics engine used by many organizations for data storage and retrieval. The vulnerability described in this CVE allows an authenticated user with snapshot restore privileges to cause excessive resource allocation, leading to a denial-of-service (DoS) attack via crafted HTTP requests.

Am I affected?

You're affected if you use Elasticsearch version 8.19.8 or earlier. The suggested check is: curl -s -XGET 'http://localhost:9200/_nodes/stats/mem' | grep "heap_size". That command looks at node heap statistics, which helps spot the excessive allocation described above but does not by itself confirm the running version; the version number reported by the cluster, compared against 8.19.8, is the decisive check.

Note: This CVE is specific to Elasticsearch 8.x and does not affect other versions of Elasticsearch, such as 7.x or earlier.

Affected Packages

maven: org.elasticsearch/elasticsearch

Affected Products

Elastic / Elasticsearch

How to fix

To fix this issue:

  1. Upgrade to Elasticsearch version 8.19.9 or later.
  2. Immediate mitigations:
     - Disable snapshot restore privileges for the affected user.
     - Monitor system resources for signs of excessive allocation.
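The version check from "Am I affected?" and the resource monitoring in step 2, as an added example that is not part of this advisory: it assumes the version is read from the JSON returned by GET / (field version.number) and heap figures from GET _nodes/stats/jvm (field jvm.mem.heap_used_percent), and the two JSON documents embedded below are constructed samples rather than captured output.

```python
import json
import re

# Constructed sample of GET / on a single-node cluster (not real output).
ROOT_INFO = json.dumps({"name": "node-1", "version": {"number": "8.19.8"}})

# Constructed sample of GET _nodes/stats/jvm, trimmed to the fields used here.
NODE_STATS = json.dumps({"nodes": {
    "abc": {"name": "node-1", "jvm": {"mem": {"heap_used_percent": 91,
            "heap_used_in_bytes": 3_900_000_000, "heap_max_in_bytes": 4_294_967_296}}},
    "def": {"name": "node-2", "jvm": {"mem": {"heap_used_percent": 42,
            "heap_used_in_bytes": 1_800_000_000, "heap_max_in_bytes": 4_294_967_296}}},
}})

FIXED = (8, 19, 9)  # first fixed release named in the advisory


def parse_version(number: str) -> tuple:
    """Turn '8.19.8' (or '8.19.8-SNAPSHOT') into the tuple (8, 19, 8)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", number)
    if not m:
        raise ValueError(f"unrecognised version string: {number!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(number: str) -> bool:
    """Affected iff an 8.x release older than the fix; the advisory scopes this to 8.x."""
    v = parse_version(number)
    return v[0] == 8 and v < FIXED


def version_from_root(root_json: str) -> str:
    """Extract version.number from the GET / response body."""
    return json.loads(root_json)["version"]["number"]


def hot_nodes(stats_json: str, threshold_percent: int = 85) -> list:
    """(name, heap_used_percent) for nodes at or above the threshold, sorted by name."""
    out = []
    for node in json.loads(stats_json)["nodes"].values():
        pct = node["jvm"]["mem"]["heap_used_percent"]
        if pct >= threshold_percent:
            out.append((node["name"], pct))
    return sorted(out)


if __name__ == "__main__":
    ver = version_from_root(ROOT_INFO)
    print(f"version {ver}: {'AFFECTED' if is_affected(ver) else 'not affected'}")
    for name, pct in hot_nodes(NODE_STATS):
        print(f"heap pressure on {name}: {pct}% used")
```

Replace the two constants with the live responses of the two endpoints to run this against a cluster; the heap threshold is a starting point to tune, not a value from the advisory.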

References