DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-23444

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-23444

CGA ID

CGA-g77r-crqm-jqv5

Severity

4.9

Medium

CVSS V3

Summary

Elasticsearch stores private key on disk unencrypted

Description

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images