CVE-2022-23712
Description
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can cause a denial of service by sending a specifically formatted network request to Elasticsearch nodes.
Vulnerability
CVE-2022-23712 is a denial of service (DoS) vulnerability in Elasticsearch. The flaw allows an unauthenticated attacker to forcibly shut down an Elasticsearch node by sending a specially crafted network request [1]. The exact root cause involves improper handling of certain input, leading to a crash.
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The attack vector is network-based, requiring only the ability to send a specifically formatted request to the target Elasticsearch node. No special privileges or prior access are needed [1].
Impact
Successful exploitation results in the targeted Elasticsearch node being shut down, causing a denial of service. This can disrupt the availability of the Elasticsearch cluster, affecting any services relying on it [1].
Mitigation
The vulnerability is addressed in Elasticsearch versions 6.8.0 and later, but users should update to the latest patched versions. Elastic has released security updates; users should refer to the official advisory for details [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | >= 8.0.0, < 8.2.1 | 8.2.1 |
Affected products
- osv-coords (2 versions): >= 8.0.0, < 8.2.1 (+ 1 more)
- (no CPE) range: >= 8.0.0, < 8.2.1
- (no CPE) range: >= 8.0.0, < 8.2.1
- Range: versions 8.0.0 through 8.2.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-wh6w-69xc-5rq5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23712 (ghsa, ADVISORY)
- discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530 (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20220707-0010 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20220707-0010/ (mitre, x_refsource_CONFIRM)
- www.elastic.co/community/security (ghsa, WEB)
- www.elastic.co/community/security/ (mitre, x_refsource_MISC)