{
  "threat_severity" : "Moderate",
  "public_date" : "2023-11-22T00:00:00Z",
  "bugzilla" : {
    "description" : "elasticsearch: Improper Handling of Exceptional Conditions",
    "id" : "2251123",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2251123"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-755",
  "details" : [ "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.", "A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API." ],
  "statement" : "Red Hat rates this flaw as having Moderate impact because it can only be triggered by a malicious user who is already authenticated, which is required in order to process a script via an Ingest Pipeline.",
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "elasticsearch6-container",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/elasticsearch-rhel8-operator",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-46673\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46673\nhttps://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708" ],
  "name" : "CVE-2023-46673",
  "mitigation" : {
    "value" : "No mitigation is yet available for this flaw.",
    "lang" : "en:us"
  },
  "csaw" : false
}