An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2023-12-05T17:21:59.184Z

Updated: 2024-08-28T14:26:21.336Z

Reserved: 2023-10-24T17:28:32.186Z

Link: CVE-2023-46674

cve-icon Vulnrichment

Updated: 2024-08-02T20:53:21.108Z

cve-icon NVD

Status : Modified

Published: 2023-12-05T18:15:12.380

Modified: 2024-11-21T08:29:02.453

Link: CVE-2023-46674

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-12-05T00:00:00Z

Links: CVE-2023-46674 - Bugzilla