Security Advisory

CVE-2024-23444

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-31 17:26:12
Last updated 2025-04-04 23:03:01
Assigner elastic
State PUBLISHED

Description

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.