Improper Encryption in Elastic Cloud Enterprise Compromising Sensitive Data
CVE-2017-8444

5.9MEDIUM

Key Information:

Vendor: Elastic
Status: Elastic Cloud Enterprise
Vendor: CVE Published:; 29 September 2017

Summary

The client-forwarder in Elastic Cloud Enterprise prior to version 1.0.2 suffers from improper encryption of traffic to ZooKeeper. This vulnerability allows for potential man-in-the-middle (MITM) attacks, wherein an unauthorized actor could intercept the traffic between the client-forwarder and ZooKeeper, possibly exposing sensitive data to malicious entities.

Affected Version(s)

Elastic Cloud Enterprise 1.0.0 and 1.0.1

References

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
May 2, 2017