How severe is CVE-2024-23444?

CVE-2024-23444 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2024-23444

Name: elasticsearch
Author: elastic

4.9MEDIUM

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is

Veröffentlicht: 7/31/2024Aktualisiert: 4/4/2025

Beschreibung

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.

KI-AnalyseKI-gestützt

Betroffene Produkte

elasticelasticsearch

Referenzen

https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-23-security-update-esa-2024-12/364157
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250404-0001/