CVE-2023-46674

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-46674
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46674.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-46674
Aliases
Published
2023-12-05T18:15:12Z
Modified
2025-09-19T14:43:42.264206Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2

v1.*

v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1

v5.*

v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5

v6.*

v6.0.0-alpha1
v6.0.0-alpha2

v7.*

v7.0.0-alpha1
v7.0.0-alpha2
v7.16.0
v7.16.1
v7.17.0
v7.17.1
v7.17.10
v7.17.2
v7.17.3
v7.17.4
v7.17.5
v7.17.6
v7.17.7
v7.17.8
v7.17.9

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-46674-00b60f12",
            "digest": {
                "length": 146.0,
                "function_hash": "195314418732590965725354939268817579205"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "onTimeout"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-1fcd1189",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "72919630592977237663209319849732164030",
                    "76521704441938352809301473684295330845",
                    "124458734046809073615339615971646274886",
                    "321749277967783123123457744423093369730",
                    "175850804632224147493936443727535696380",
                    "237549774618073494858982752873371504083"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-223c0843",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "56791242155093561440754699602922802063",
                    "261002487472452097014701103809481193688",
                    "131109347992471159654270056055145833752",
                    "200639234132288226145088513276953965744",
                    "118144831024639135110189422974861107720",
                    "49228099443258558065858014399502429883",
                    "332655758020155813577638580485534686222",
                    "50857803150426839998908215835687639859",
                    "9710934947692630851600506182509812794",
                    "261787511866824544682895646213160639705",
                    "138517509961337130602196253545969058444",
                    "83284010603283708117438542575482424499",
                    "252373522145478016671270831998752437145",
                    "29417468945941655047622863672209128699",
                    "134887005680684580258951937946097390009",
                    "252325744817033799572496302693953803381",
                    "115017370080193467773943149914753944287",
                    "133315093242997616180862281313760892292",
                    "250174102855802112237270414457094914462",
                    "79619246098129804658569676333445292211",
                    "170856146567546713655710523842388127258",
                    "280604442437447202326689227915262606469",
                    "306169521098725066678971626983308575877",
                    "255768783269049914993966125051285606153",
                    "279721738404654630088762664660771861779",
                    "9330857611041896104743163708895038967",
                    "317031562538723450911348523861752655360",
                    "291737255659935875044156657605589427581",
                    "152876530606824319058564406881651525873",
                    "189690571896281131665909864682342051169",
                    "252373522145478016671270831998752437145",
                    "29417468945941655047622863672209128699",
                    "150738123829663981359559271010135400458",
                    "174429120606179256651310121863042438535",
                    "236499039190247627118385630810098915580",
                    "99223937815377541922460579034618562913",
                    "261079973588162300552612080204985420492",
                    "28982179535067085260083809830357673720",
                    "269834952737609041459494327692111641055",
                    "61829953791553753312764281980827412620",
                    "147593838403989757216204519467444835098",
                    "26006940858579834303784044285585845270",
                    "174429120606179256651310121863042438535",
                    "236499039190247627118385630810098915580",
                    "99223937815377541922460579034618562913",
                    "48956484780317145337141651138969251221",
                    "335397234988027252993975712824283643788",
                    "230462371882826048929992659845578938083",
                    "245563151387423410868264956493634104762",
                    "66676620923698487146619495888101120651",
                    "149561838611573326343249976252002800643",
                    "340164350631336426281487343802411569688",
                    "315095244973568168306019278635749506103",
                    "196362540107866293572036416324123498704",
                    "301977193879913377737314641927580065791",
                    "206412894707251671972404443318711960731",
                    "113172224004610473791190451878753397468",
                    "218386213339092563183584669644162101539",
                    "42218117717251629638485709362637725545",
                    "335532789415988750949877313392884914810",
                    "65119227745230250479432900347936903516",
                    "78720146323125882174786020939685571404",
                    "126451541553889899618033324826149080818",
                    "249314992251646842246419365227856662758",
                    "32579291432328381625633489416327458322",
                    "295473812150833999708077697971903977411",
                    "28934871723297847993530655881412687601",
                    "6741051929551579546799510754391045069",
                    "295702132223144576940569905118859961445",
                    "139825107054965911633633869372380447272",
                    "162607652827565910634421011952386061093",
                    "192426317259820270862785836111341523480",
                    "178849378794461678186689278169579448859",
                    "197835779518925172303823966988342437391",
                    "332473788036589095699928315267305083110",
                    "113152760493303842239299050364344672790",
                    "290448987826253346555777498971856053843",
                    "257824889015565095000021337625303271427",
                    "263794231146895215138690304629306737234",
                    "297154916609590641782548178578456068115",
                    "130690306339408808008468155129358475444",
                    "182963491303127398199413243024519850192",
                    "175712956875941503122639889853921918135",
                    "301008993903053316247719074910181490375",
                    "217361182337667429294877899192703188469",
                    "154542945416712978382397838233270084410",
                    "90632734748478038911158952026282242097",
                    "90863667821100717170532126586642156710",
                    "171883460725082841485319997284438119050",
                    "131087270771501167148896705408115395898",
                    "271515030087108423566002942475295187804"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-28aa27dd",
            "digest": {
                "length": 2701.0,
                "function_hash": "175726788085796966782629847738595060846"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "waitForEventsAndExecuteHealth"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-292ae87b",
            "digest": {
                "length": 455.0,
                "function_hash": "132937421475890902392174792251740618521"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "masterOperation"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-3c9ccc52",
            "digest": {
                "length": 1480.0,
                "function_hash": "251562323171333253086246984592288882272"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java",
                "function": "testClusterHealthWaitsForClusterStateApplication"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-4b3774a4",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "155962608250304230763121350031407172164",
                    "242717823275861031067029802018847323086",
                    "307757298760905004822740541074250385852",
                    "162899303504247520377413025632430404562",
                    "178485864041491068476686119065062008533",
                    "15274643139537649001307426591691674992",
                    "5098805821060262379383626982216813773",
                    "248608060240417453632379199807008690718"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-5bda2207",
            "digest": {
                "length": 244.0,
                "function_hash": "211245911209175656390143185205842156867"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java",
                "function": "prepareRequest"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-6da398ca",
            "digest": {
                "length": 536.0,
                "function_hash": "5404235771998888714081072981406497139"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "clusterStateProcessed"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-6f4b9c58",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "180711593914136683470271172114839299871",
                    "42196855722912047301929948827606393857",
                    "49919856636442879718633512225542789782",
                    "106424972879072071405689693783180951279",
                    "207775338532262093297481938210699369834",
                    "211288110628335819010801587018502326854",
                    "177488638003365188078098354067096729753",
                    "181022521802483312386937311454532743130",
                    "162958714978688031415971742650611826044",
                    "92807347980513346755242221861534215116",
                    "207006766408926886605710327214752179240",
                    "140707279872837144279965293733056036369",
                    "50583490959650044458984761833790113674",
                    "176644145481638765898600468899354693926",
                    "252621993473906174156296812833336622442",
                    "140575960612630349444267340585258434765"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-a03f6dd3",
            "digest": {
                "length": 338.0,
                "function_hash": "6474068417774092020634181732763771862"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "onFailure"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-c92be6ae",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "25305633625658196018831241284855580218",
                    "169651598616811474482466104901414717818",
                    "289456362489181746088668429790502886300",
                    "287417607446545462087396542818238113508",
                    "97671628464759580500551447523687287125",
                    "234916791305774367641869177000256360774",
                    "9196050395012555782273868136664546074",
                    "138830480758109085374865192511230789358"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/ClusterHealthRequest.java"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-ced2ca53",
            "digest": {
                "length": 395.0,
                "function_hash": "228981500300247243571845585931063640017"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "clusterStateProcessed"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-dc23d544",
            "digest": {
                "length": 483.0,
                "function_hash": "3103055835509618735414406246996403859"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "getResponse"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        },
        {
            "id": "CVE-2023-46674-f37c4a92",
            "digest": {
                "length": 1060.0,
                "function_hash": "97289872469176408882290985059139290681"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java",
                "function": "executeHealth"
            },
            "signature_version": "v1",
            "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885"
        }
    ]
}