It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
History

Sat, 05 Apr 2025 00:00:00 +0000

Type Values Removed Values Added
References

Tue, 04 Feb 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Elastic
Elastic elasticsearch
CPEs cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
Vendors & Products Elastic
Elastic elasticsearch

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2025-04-04T23:03:01.974Z

Reserved: 2024-01-16T21:31:26.029Z

Link: CVE-2024-23444

cve-icon Vulnrichment

Updated: 2025-04-04T23:03:01.974Z

cve-icon NVD

Status : Modified

Published: 2024-07-31T18:15:11.983

Modified: 2025-04-04T23:15:41.133

Link: CVE-2024-23444

cve-icon Redhat

No data.