Security Advisories

CGA-vmrf-p878-8cpm

Published

Last updated

Package

elasticsearch-7-iamguarded

Component

elasticsearch-7

Latest Update
Fixed
Fixed Version

7.17.29-r6

Aliases
  • CVE-2025-68384
  • GHSA-qf7c-7r9h-mm92

Severity

6.5

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-68384

Updates

Status

Fixed

Fixed version

7.17.29-r6

Status

Pending upstream fix

Impact

This vulnerability affects Elasticsearch x-pack modules which are part of the Elasticsearch codebase itself, not an external dependency. The fix requires upgrading to Elasticsearch 8.19+ or 9.x, which is a major version upgrade. Elasticsearch 7.x support ends January 15, 2026. Awaiting upstream backport to the 7.x version stream or migration to supported versions.

Status

Fixed

Fixed version

7.17.29-r6

Status

Under investigation

