An authenticated attacker can modify Hadoop and Spark configuration properties and thereby carry out a deserialization exploit.
Official advisory: https://discuss.elastic.co/t/elasticsearch-hadoop-7-17-11-8-9-0-security-update-esa-2023-28/348663
CVE-2023-46674: https://nvd.nist.gov/vuln/detail/CVE-2023-46674
Affected versions: Elasticsearch-hadoop < 7.17.11; 8.0.0 <= Elasticsearch-hadoop < 8.9.0
Fixed versions: Elasticsearch-hadoop >= 7.17.11; Elasticsearch-hadoop >= 8.9.0