CVE-2023-46674
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-46674
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46674.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-46674
- Aliases
- Published
- 2023-12-05T18:15:12Z
- Modified
- 2025-09-19T14:43:42.264206Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v5.*
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v7.*
v7.0.0-alpha1
v7.0.0-alpha2
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.10
v7.17.2
v7.17.3
v7.17.4
v7.17.5
v7.17.6
v7.17.7
v7.17.8
v7.17.9
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2023-46674-00b60f12",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "onTimeout"
},
"digest": {
"function_hash": "195314418732590965725354939268817579205",
"length": 146.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-1fcd1189",
"signature_type": "Line",
"target": {
"file": "test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java"
},
"digest": {
"line_hashes": [
"72919630592977237663209319849732164030",
"76521704441938352809301473684295330845",
"124458734046809073615339615971646274886",
"321749277967783123123457744423093369730",
"175850804632224147493936443727535696380",
"237549774618073494858982752873371504083"
],
"threshold": 0.9
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-223c0843",
"signature_type": "Line",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java"
},
"digest": {
"line_hashes": [
"56791242155093561440754699602922802063",
"261002487472452097014701103809481193688",
"131109347992471159654270056055145833752",
"200639234132288226145088513276953965744",
"118144831024639135110189422974861107720",
"49228099443258558065858014399502429883",
"332655758020155813577638580485534686222",
"50857803150426839998908215835687639859",
"9710934947692630851600506182509812794",
"261787511866824544682895646213160639705",
"138517509961337130602196253545969058444",
"83284010603283708117438542575482424499",
"252373522145478016671270831998752437145",
"29417468945941655047622863672209128699",
"134887005680684580258951937946097390009",
"252325744817033799572496302693953803381",
"115017370080193467773943149914753944287",
"133315093242997616180862281313760892292",
"250174102855802112237270414457094914462",
"79619246098129804658569676333445292211",
"170856146567546713655710523842388127258",
"280604442437447202326689227915262606469",
"306169521098725066678971626983308575877",
"255768783269049914993966125051285606153",
"279721738404654630088762664660771861779",
"9330857611041896104743163708895038967",
"317031562538723450911348523861752655360",
"291737255659935875044156657605589427581",
"152876530606824319058564406881651525873",
"189690571896281131665909864682342051169",
"252373522145478016671270831998752437145",
"29417468945941655047622863672209128699",
"150738123829663981359559271010135400458",
"174429120606179256651310121863042438535",
"236499039190247627118385630810098915580",
"99223937815377541922460579034618562913",
"261079973588162300552612080204985420492",
"28982179535067085260083809830357673720",
"269834952737609041459494327692111641055",
"61829953791553753312764281980827412620",
"147593838403989757216204519467444835098",
"26006940858579834303784044285585845270",
"174429120606179256651310121863042438535",
"236499039190247627118385630810098915580",
"99223937815377541922460579034618562913",
"48956484780317145337141651138969251221",
"335397234988027252993975712824283643788",
"230462371882826048929992659845578938083",
"245563151387423410868264956493634104762",
"66676620923698487146619495888101120651",
"149561838611573326343249976252002800643",
"340164350631336426281487343802411569688",
"315095244973568168306019278635749506103",
"196362540107866293572036416324123498704",
"301977193879913377737314641927580065791",
"206412894707251671972404443318711960731",
"113172224004610473791190451878753397468",
"218386213339092563183584669644162101539",
"42218117717251629638485709362637725545",
"335532789415988750949877313392884914810",
"65119227745230250479432900347936903516",
"78720146323125882174786020939685571404",
"126451541553889899618033324826149080818",
"249314992251646842246419365227856662758",
"32579291432328381625633489416327458322",
"295473812150833999708077697971903977411",
"28934871723297847993530655881412687601",
"6741051929551579546799510754391045069",
"295702132223144576940569905118859961445",
"139825107054965911633633869372380447272",
"162607652827565910634421011952386061093",
"192426317259820270862785836111341523480",
"178849378794461678186689278169579448859",
"197835779518925172303823966988342437391",
"332473788036589095699928315267305083110",
"113152760493303842239299050364344672790",
"290448987826253346555777498971856053843",
"257824889015565095000021337625303271427",
"263794231146895215138690304629306737234",
"297154916609590641782548178578456068115",
"130690306339408808008468155129358475444",
"182963491303127398199413243024519850192",
"175712956875941503122639889853921918135",
"301008993903053316247719074910181490375",
"217361182337667429294877899192703188469",
"154542945416712978382397838233270084410",
"90632734748478038911158952026282242097",
"90863667821100717170532126586642156710",
"171883460725082841485319997284438119050",
"131087270771501167148896705408115395898",
"271515030087108423566002942475295187804"
],
"threshold": 0.9
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-28aa27dd",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "waitForEventsAndExecuteHealth"
},
"digest": {
"function_hash": "175726788085796966782629847738595060846",
"length": 2701.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-292ae87b",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "masterOperation"
},
"digest": {
"function_hash": "132937421475890902392174792251740618521",
"length": 455.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-3c9ccc52",
"signature_type": "Function",
"target": {
"file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java",
"function": "testClusterHealthWaitsForClusterStateApplication"
},
"digest": {
"function_hash": "251562323171333253086246984592288882272",
"length": 1480.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-4b3774a4",
"signature_type": "Line",
"target": {
"file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java"
},
"digest": {
"line_hashes": [
"155962608250304230763121350031407172164",
"242717823275861031067029802018847323086",
"307757298760905004822740541074250385852",
"162899303504247520377413025632430404562",
"178485864041491068476686119065062008533",
"15274643139537649001307426591691674992",
"5098805821060262379383626982216813773",
"248608060240417453632379199807008690718"
],
"threshold": 0.9
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-5bda2207",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java",
"function": "prepareRequest"
},
"digest": {
"function_hash": "211245911209175656390143185205842156867",
"length": 244.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-6da398ca",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "clusterStateProcessed"
},
"digest": {
"function_hash": "5404235771998888714081072981406497139",
"length": 536.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-6f4b9c58",
"signature_type": "Line",
"target": {
"file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java"
},
"digest": {
"line_hashes": [
"180711593914136683470271172114839299871",
"42196855722912047301929948827606393857",
"49919856636442879718633512225542789782",
"106424972879072071405689693783180951279",
"207775338532262093297481938210699369834",
"211288110628335819010801587018502326854",
"177488638003365188078098354067096729753",
"181022521802483312386937311454532743130",
"162958714978688031415971742650611826044",
"92807347980513346755242221861534215116",
"207006766408926886605710327214752179240",
"140707279872837144279965293733056036369",
"50583490959650044458984761833790113674",
"176644145481638765898600468899354693926",
"252621993473906174156296812833336622442",
"140575960612630349444267340585258434765"
],
"threshold": 0.9
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-a03f6dd3",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "onFailure"
},
"digest": {
"function_hash": "6474068417774092020634181732763771862",
"length": 338.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-c92be6ae",
"signature_type": "Line",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/ClusterHealthRequest.java"
},
"digest": {
"line_hashes": [
"25305633625658196018831241284855580218",
"169651598616811474482466104901414717818",
"289456362489181746088668429790502886300",
"287417607446545462087396542818238113508",
"97671628464759580500551447523687287125",
"234916791305774367641869177000256360774",
"9196050395012555782273868136664546074",
"138830480758109085374865192511230789358"
],
"threshold": 0.9
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-ced2ca53",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "clusterStateProcessed"
},
"digest": {
"function_hash": "228981500300247243571845585931063640017",
"length": 395.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-dc23d544",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "getResponse"
},
"digest": {
"function_hash": "3103055835509618735414406246996403859",
"length": 483.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2023-46674-f37c4a92",
"signature_type": "Function",
"target": {
"file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
"function": "executeHealth"
},
"digest": {
"function_hash": "97289872469176408882290985059139290681",
"length": 1060.0
},
"source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885",
"signature_version": "v1",
"deprecated": false
}
]
}