CVE-2017-8444

5.9MEDIUM

Key Information:

Vendor: Elastic
Status: Elastic Cloud Enterprise
Vendor: CVE Published:; 29 September 2017

Summary

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Affected Version(s)

Elastic Cloud Enterprise 1.0.0 and 1.0.1

References

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
May 2, 2017