Vulnerability detected on Search-guard -7

The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured. (CVE-2024-29736)

Path : /app/softwareagwM1011/InternalDataStore/plugins/search-guard-7/cxf-core-3.3.7.jar Installed version : 3.3.7 Fixed version : 3.5.9

ElasticSearch version- 7.13.0

Could you please provide the status of these findings, or information about mitigation/remediation

@rashmi Thank you for reporting this, can you please confirm which version of SG you are using?

We are using Search Guard 7.13 version.

Wanted to know if this version is actually affected by this CVE or not

@Reshmi The above is elasticsearch version. Can you confirm the version of SG, see the SG version matrix https://docs.search-guard.com/latest/search-guard-versions

dear @sirHusky ,

We are using SG 51.0.0 version

@Reshmi As you are using EOL version, I would recommend to upgrade to the active/supported version, where the fix with latest libraries will be provided.
Also since you are using SG classic, it would be highly recommended to upgrade to SearchGuard FLX as this version is actively being developed and updated with latest libraries.

Hope this helps

@sirHusky ,

Sure , we will plan for the upgrade.
but until then , is it possible to confirm if this current version of SG is impacted by this CVE ?

@sirHusky ,
Kindly let us know if this version of SG is impacted by this CVE

@Reshmi the previous may have been effected, but the latest SG classic version 53.10.0 is updated to use the latest libraries. You can find the version on the SearchGuard versions page or download it directly using link.

Hope this helps

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.