{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T03:03:19.083","vulnerabilities":[{"cve":{"id":"CVE-2024-52980","sourceIdentifier":"security@elastic.co","published":"2025-04-08T17:15:34.880","lastModified":"2025-09-30T21:35:59.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\n\nA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them."},{"lang":"es","value":"Se descubrió una falla en Elasticsearch. Una recursión extensa con la función innerForbidCircularReferences de la clase PatternBank podía provocar el bloqueo del nodo Elasticsearch. Para que el ataque tenga éxito, se requiere que un usuario malintencionado tenga asignado el privilegio read_pipeline del clúster de Elasticsearch."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*","versionStartIncluding":"7.17.0","versionEndExcluding":"8.15.1","matchCriteriaId":"AF95A445-C184-4B02-A4C1-2490D88DDCED"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919","source":"security@elastic.co","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}