Vulnerability Discovered in ElasticSearch Products

A security vulnerability has been identified in ElasticSearch products, potentially allowing an attacker to bypass security policies.

The affected products and versions are as follows:

  • Beats versions 8.x.x before 8.10.1
  • Elastic Agent versions 8.x.x before 8.10.1
  • Fleet Server versions 8.x.x before 8.10.1

This security flaw was reported in ElasticSearch security bulletin 343385, dated September 19, 2023. Detailed information and the necessary patches can be found in the bulletin: ElasticSearch 343385.

The Common Vulnerabilities and Exposures (CVE) identifier for this vulnerability is CVE-2023-31421. Additional information can be accessed here: CVE-2023-31421.

Users and administrators are strongly advised to consult the security bulletin from the software publisher to obtain the necessary patches and take appropriate measures to enhance the security of their systems.