Security
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-46671, CVE-2023-46673
The following issues may affect your Liferay-Elastic stack.
Vulnerability Information
Kibana Insertion of Sensitive Information into Log File (ESA-2023-25, CVE-2023-46671)
Refer to https://discuss.elastic.co/t/kibana-8-11-1-security-update-esa-2023-25/347149 for details and mitigation.
Elasticsearch Improper Handling of Exceptional Conditions (ESA-2023-24, CVE-2023-46673)
Refer to https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708 for details and mitigation.
Additional Information
Regarding CVE-2023-46673: Liferay's out-of-the-box features do not use the Simulate Pipeline API affected by this vulnerability.
Search Engine Compatibility
As usual, Liferay recommends that customers upgrade their production Elastic stack to the latest available and compatible 7.x/8.x release. See the information here for detailed Elasticsearch compatibility, including the compatible connector versions and required update/patch levels.
- Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.