CVE-2024-52980

{"id": "CVE-2024-52980", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-08T17:15:34.880", "references": [{"url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\n\nA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them."}, {"lang": "es", "value": "Se descubri\u00f3 una falla en Elasticsearch. Una recursi\u00f3n extensa con la funci\u00f3n innerForbidCircularReferences de la clase PatternBank pod\u00eda provocar el bloqueo del nodo Elasticsearch. Para que el ataque tenga \u00e9xito, se requiere que un usuario malintencionado tenga asignado el privilegio read_pipeline del cl\u00faster de Elasticsearch."}], "lastModified": "2025-09-30T21:35:59.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF95A445-C184-4B02-A4C1-2490D88DDCED", "versionEndExcluding": "8.15.1", "versionStartIncluding": "7.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}