DirectorySecurity Advisories
Sign In
Security Advisories

CGA-g77r-crqm-jqv5

Published

Last updated

https://images.chainguard.dev/security/CGA-g77r-crqm-jqv5
Package

trino

Latest Update
Fixed
Fixed Version

453-r1

Aliases
  • CVE-2024-23444
  • GHSA-5v8f-xx9m-wj44

Severity

4.9

Medium

CVSS V3

Summary

Elasticsearch stores private key on disk unencrypted

Description

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation