Moderate severity · NVD Advisory · Published Jul 31, 2024 · Updated Apr 4, 2025
Elasticsearch elasticsearch-certutil csr fails to encrypt private key
CVE-2024-23444
Description
Elastic engineering discovered that when the elasticsearch-certutil CLI tool is used with the csr option to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted, even if the --pass parameter is passed in the command invocation.
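A check for the condition described above, as an added example (not code from Elastic or from this advisory): it scans a CSR output bundle and reports any private key stored without encryption. It assumes the bundle is a zip of PEM files; the member names and key bodies are constructed placeholders.

```python
import io
import re
import zipfile

# PEM_BLOCK captures a block's label and body; LEGACY_ENC is the header that
# marks a legacy (RFC 1421 style) encrypted PEM body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
LEGACY_ENC = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.MULTILINE)

def classify_pem_keys(text):
    """Return [(label, "encrypted" | "PLAINTEXT")] for each private-key block."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            continue  # skip CSRs, certificates, public keys
        encrypted = label == "ENCRYPTED PRIVATE KEY" or bool(LEGACY_ENC.search(body))
        results.append((label, "encrypted" if encrypted else "PLAINTEXT"))
    return results

def audit_bundle(zip_bytes):
    """Return sorted member names that contain at least one unencrypted key."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        for name in bundle.namelist():
            text = bundle.read(name).decode("ascii", errors="replace")
            if any(state == "PLAINTEXT" for _, state in classify_pem_keys(text)):
                flagged.append(name)
    return sorted(flagged)

def pem(label, headers=""):
    """Constructed PEM block; the body is a placeholder, not a real key."""
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

def build_sample_bundle():
    """Constructed bundle for the demo; member names are hypothetical."""
    legacy = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    members = {
        "node1/node1.csr": pem("CERTIFICATE REQUEST"),
        "node1/node1.key": pem("RSA PRIVATE KEY"),          # the case the advisory describes
        "node2/node2.key": pem("RSA PRIVATE KEY", legacy),  # legacy encrypted PEM
        "node3/node3.key": pem("ENCRYPTED PRIVATE KEY"),    # encrypted PKCS#8
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as bundle:
        for name, text in members.items():
            bundle.writestr(name, text)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_bundle(build_sample_bundle()))
```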
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | >= 8.0.0-alpha1, < 8.13.0 | 8.13.0 |
| org.elasticsearch:elasticsearch (Maven) | < 7.17.23 | 7.17.23 |
Affected products
- (no CPE) range: >= 7.0.0, < 7.17.23
- (no CPE) range: >= 8.0.0-alpha1, < 8.13.0
- Range: 7.x
References
- github.com/advisories/GHSA-5v8f-xx9m-wj44 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-23444 (ghsa, ADVISORY)
- discuss.elastic.co/t/elasticsearch-8-13-0-7-17-23-security-update-esa-2024-12/364157 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/07296d596a1dee24730e33ad40b6726f70c6fc23 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/321c4e1e6b738bf80faa41dbb9881489a4ab44e5 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/bb1eddada3678257838b0590090ff9eb68acaa1b (ghsa, WEB)
- github.com/elastic/elasticsearch/pull/106105 (ghsa, WEB)
- github.com/elastic/elasticsearch/pull/109834 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20250404-0001 (ghsa, WEB)