An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
{ "vanir_signatures": [ { "id": "CVE-2023-46674-00b60f12", "digest": { "length": 146.0, "function_hash": "195314418732590965725354939268817579205" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "onTimeout" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-1fcd1189", "digest": { "threshold": 0.9, "line_hashes": [ "72919630592977237663209319849732164030", "76521704441938352809301473684295330845", "124458734046809073615339615971646274886", "321749277967783123123457744423093369730", "175850804632224147493936443727535696380", "237549774618073494858982752873371504083" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-223c0843", "digest": { "threshold": 0.9, "line_hashes": [ "56791242155093561440754699602922802063", "261002487472452097014701103809481193688", "131109347992471159654270056055145833752", "200639234132288226145088513276953965744", "118144831024639135110189422974861107720", "49228099443258558065858014399502429883", "332655758020155813577638580485534686222", "50857803150426839998908215835687639859", "9710934947692630851600506182509812794", "261787511866824544682895646213160639705", "138517509961337130602196253545969058444", "83284010603283708117438542575482424499", "252373522145478016671270831998752437145", "29417468945941655047622863672209128699", "134887005680684580258951937946097390009", "252325744817033799572496302693953803381", "115017370080193467773943149914753944287", "133315093242997616180862281313760892292", "250174102855802112237270414457094914462", "79619246098129804658569676333445292211", "170856146567546713655710523842388127258", "280604442437447202326689227915262606469", "306169521098725066678971626983308575877", "255768783269049914993966125051285606153", "279721738404654630088762664660771861779", "9330857611041896104743163708895038967", "317031562538723450911348523861752655360", "291737255659935875044156657605589427581", "152876530606824319058564406881651525873", "189690571896281131665909864682342051169", "252373522145478016671270831998752437145", "29417468945941655047622863672209128699", "150738123829663981359559271010135400458", "174429120606179256651310121863042438535", "236499039190247627118385630810098915580", "99223937815377541922460579034618562913", "261079973588162300552612080204985420492", "28982179535067085260083809830357673720", "269834952737609041459494327692111641055", "61829953791553753312764281980827412620", "147593838403989757216204519467444835098", "26006940858579834303784044285585845270", "174429120606179256651310121863042438535", "236499039190247627118385630810098915580", "99223937815377541922460579034618562913", "48956484780317145337141651138969251221", "335397234988027252993975712824283643788", "230462371882826048929992659845578938083", "245563151387423410868264956493634104762", "66676620923698487146619495888101120651", "149561838611573326343249976252002800643", "340164350631336426281487343802411569688", "315095244973568168306019278635749506103", "196362540107866293572036416324123498704", "301977193879913377737314641927580065791", "206412894707251671972404443318711960731", "113172224004610473791190451878753397468", "218386213339092563183584669644162101539", "42218117717251629638485709362637725545", "335532789415988750949877313392884914810", "65119227745230250479432900347936903516", "78720146323125882174786020939685571404", "126451541553889899618033324826149080818", "249314992251646842246419365227856662758", "32579291432328381625633489416327458322", "295473812150833999708077697971903977411", "28934871723297847993530655881412687601", "6741051929551579546799510754391045069", "295702132223144576940569905118859961445", "139825107054965911633633869372380447272", "162607652827565910634421011952386061093", "192426317259820270862785836111341523480", "178849378794461678186689278169579448859", "197835779518925172303823966988342437391", "332473788036589095699928315267305083110", "113152760493303842239299050364344672790", "290448987826253346555777498971856053843", "257824889015565095000021337625303271427", "263794231146895215138690304629306737234", "297154916609590641782548178578456068115", "130690306339408808008468155129358475444", "182963491303127398199413243024519850192", "175712956875941503122639889853921918135", "301008993903053316247719074910181490375", "217361182337667429294877899192703188469", "154542945416712978382397838233270084410", "90632734748478038911158952026282242097", "90863667821100717170532126586642156710", "171883460725082841485319997284438119050", "131087270771501167148896705408115395898", "271515030087108423566002942475295187804" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-28aa27dd", "digest": { "length": 2701.0, "function_hash": "175726788085796966782629847738595060846" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "waitForEventsAndExecuteHealth" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-292ae87b", "digest": { "length": 455.0, "function_hash": "132937421475890902392174792251740618521" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "masterOperation" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-3c9ccc52", "digest": { "length": 1480.0, "function_hash": "251562323171333253086246984592288882272" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java", "function": "testClusterHealthWaitsForClusterStateApplication" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-4b3774a4", "digest": { "threshold": 0.9, "line_hashes": [ "155962608250304230763121350031407172164", "242717823275861031067029802018847323086", "307757298760905004822740541074250385852", "162899303504247520377413025632430404562", "178485864041491068476686119065062008533", "15274643139537649001307426591691674992", "5098805821060262379383626982216813773", "248608060240417453632379199807008690718" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-5bda2207", "digest": { "length": 244.0, "function_hash": "211245911209175656390143185205842156867" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterHealthAction.java", "function": "prepareRequest" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-6da398ca", "digest": { "length": 536.0, "function_hash": "5404235771998888714081072981406497139" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "clusterStateProcessed" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-6f4b9c58", "digest": { "threshold": 0.9, "line_hashes": [ "180711593914136683470271172114839299871", "42196855722912047301929948827606393857", "49919856636442879718633512225542789782", "106424972879072071405689693783180951279", "207775338532262093297481938210699369834", "211288110628335819010801587018502326854", "177488638003365188078098354067096729753", "181022521802483312386937311454532743130", "162958714978688031415971742650611826044", "92807347980513346755242221861534215116", "207006766408926886605710327214752179240", "140707279872837144279965293733056036369", "50583490959650044458984761833790113674", "176644145481638765898600468899354693926", "252621993473906174156296812833336622442", "140575960612630349444267340585258434765" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "server/src/test/java/org/elasticsearch/cluster/health/ClusterStateHealthTests.java" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-a03f6dd3", "digest": { "length": 338.0, "function_hash": "6474068417774092020634181732763771862" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "onFailure" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-c92be6ae", "digest": { "threshold": 0.9, "line_hashes": [ "25305633625658196018831241284855580218", "169651598616811474482466104901414717818", "289456362489181746088668429790502886300", "287417607446545462087396542818238113508", "97671628464759580500551447523687287125", "234916791305774367641869177000256360774", "9196050395012555782273868136664546074", "138830480758109085374865192511230789358" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/ClusterHealthRequest.java" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-ced2ca53", "digest": { "length": 395.0, "function_hash": "228981500300247243571845585931063640017" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "clusterStateProcessed" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-dc23d544", "digest": { "length": 483.0, "function_hash": "3103055835509618735414406246996403859" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "getResponse" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" }, { "id": "CVE-2023-46674-f37c4a92", "digest": { "length": 1060.0, "function_hash": "97289872469176408882290985059139290681" }, "signature_type": "Function", "deprecated": false, "target": { "file": "server/src/main/java/org/elasticsearch/action/admin/cluster/health/TransportClusterHealthAction.java", "function": "executeHealth" }, "signature_version": "v1", "source": "https://github.com/elastic/elasticsearch/commit/eeedb98c60326ea3d46caef960fb4c77958fb885" } ] }