Information Exposure in Elastic Cloud Enterprise by Elastic
CVE-2018-3828

7.5 HIGH

Key Information:

Vendor: Elastic
CVE Published: 19 September 2018

Summary

Elastic Cloud Enterprise versions prior to 1.1.4 are vulnerable to an information exposure issue where, under certain exception conditions, encryption keys, passwords, and other sensitive security headers can be inadvertently logged. This leak can enable an attacker with access to the logging cluster to obtain confidential credentials, potentially allowing them to carry out authenticated actions with the compromised credentials.

Affected Version(s)

Elastic Cloud Enterprise before 1.1.4

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
