Skip to content

[GHSA-m9gh-789g-q5pv] Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates#8684

Open
sealonohana wants to merge 1 commit into
sealonohana/advisory-improvement-8684from
sealonohana-GHSA-m9gh-789g-q5pv
Open

[GHSA-m9gh-789g-q5pv] Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates#8684
sealonohana wants to merge 1 commit into
sealonohana/advisory-improvement-8684from
sealonohana-GHSA-m9gh-789g-q5pv

Conversation

@sealonohana

Copy link
Copy Markdown

Updates

  • Affected products

Comments
Fix commit: elastic/elasticsearch@d8a408d
The fix is implemented in the x-pack-core and x-pack-security artifacts.

@github-actions github-actions Bot changed the base branch from main to sealonohana/advisory-improvement-8684 July 12, 2026 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant