Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CISA Thorium does not validate TLS connections to Elasticsearch
Vulnerability Description
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
CISA Thorium 安全漏洞
Vulnerability Description
CISA Thorium是美国网络安全与基础设施安全局(CISA)政府部门的一个高度可扩展的分布式恶意软件分析和数据生成框架。 CISA Thorium 1.1.2之前版本存在安全漏洞,该漏洞源于未验证Elasticsearch的TLS证书,可能导致未经验证的攻击者冒充Elasticsearch服务。
CVSS Information
N/A
Vulnerability Type
N/A