Vulnerabilites related to elastic - elastic_cloud_enterprise
Vulnerability from fkie_nvd
Published
2018-09-19 19:29
Modified
2024-11-21 04:06
Summary
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
Impacted products
Vendor Product Version
elastic elastic_cloud_enterprise *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE5D901-05D3-4C30-BFCC-764132574714",
                     versionEndExcluding: "1.1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",
      },
      {
         lang: "es",
         value: "Elastic Cloud Enterprise (ECE), en versiones anteriores a la 1.1.4, contiene una vulnerabilidad de exposición de información. Se ha descubierto que determinadas condiciones de excepción resultarían en la fuga de claves cifradas, contraseñas y otras cabeceras de seguridad sensibles a los logs del \"allocator\". Un atacante con acceso al clúster de registros podría ser capaz de obtener credenciales filtradas y realizar acciones autenticadas mediante el uso de esas credenciales.",
      },
   ],
   id: "CVE-2018-3828",
   lastModified: "2024-11-21T04:06:06.950",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-19T19:29:00.907",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-19 19:29
Modified
2024-11-21 04:06
Summary
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
Impacted products
Vendor Product Version
elastic elastic_cloud_enterprise *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE5D901-05D3-4C30-BFCC-764132574714",
                     versionEndExcluding: "1.1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.",
      },
      {
         lang: "es",
         value: "En Elastic Cloud Enterprise (ECE) en versiones anteriores a la 1.1.4, se ha descubierto que un usuario podría sacar de su escala los asignadores en nuevos hosts con un token de roles no válido. Un atacante con acceso al ID runner anterior y a la dirección IP del coordinador-host podría añadir un asignador a una instalación ECE existente para obtener acceso a otros datos de clústers.",
      },
   ],
   id: "CVE-2018-3829",
   lastModified: "2024-11-21T04:06:07.083",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-19T19:29:01.063",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-285",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-290",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-26 18:15
Modified
2024-11-21 08:01
Summary
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7782710-73A4-4698-872E-CD9FE4362872",
                     versionEndIncluding: "7.17.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40A93493-7FF2-46D1-8855-40B7CA831C47",
                     versionEndIncluding: "8.8.2",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9311B386-FAD0-4DB8-A059-DAA46549F1D8",
                     versionEndIncluding: "2.13.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "20740FCD-DA43-49EF-B2E9-C85DFD13881A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.",
      },
      {
         lang: "es",
         value: "Se identificó un problema con la forma en que Elasticsearch manejó las solicitudes entrantes en la capa HTTP. Un usuario no autenticado podría forzar la salida de un nodo de Elasticsearch con un error OutOfMemory enviando una cantidad moderada de solicitudes HTTP con formato incorrecto. El problema fue identificado por Elastic Engineering y no tenemos indicios de que se conozca o de que esté siendo explotado en la naturaleza.",
      },
   ],
   id: "CVE-2023-31418",
   lastModified: "2024-11-21T08:01:49.387",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "bressers@elastic.co",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-26T18:15:08.587",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616",
      },
      {
         source: "bressers@elastic.co",
         url: "https://security.netapp.com/advisory/ntap-20231130-0005/",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20231130-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-19 19:29
Modified
2024-11-21 04:06
Summary
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
Impacted products
Vendor Product Version
elastic elastic_cloud_enterprise *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBE5D901-05D3-4C30-BFCC-764132574714",
                     versionEndExcluding: "1.1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.",
      },
      {
         lang: "es",
         value: "En Elastic Cloud Enterprise (ECE) en versiones anteriores a la 1.1.4, una clave de cifrado maestra por defecto se utiliza en el proceso de concesión de acceso de Zookeeper a los clústers de Elasticsearch. A no ser que esté explícitamente sobrescrito, esta clave maestra es predecible en todos los despliegues ECE. Si un atacante puede conectar directamente con ZooKeeper, podría acceder a la información de configuración de otros inquilinos si el ID del clúster es conocido.",
      },
   ],
   id: "CVE-2018-3825",
   lastModified: "2024-11-21T04:06:06.577",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-19T19:29:00.500",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-321",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1188",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-25 18:15
Modified
2024-11-21 06:49
Summary
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
Impacted products
Vendor Product Version
elastic elastic_cloud_enterprise *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "913D8307-3AD1-4A5C-9AE4-B50090E43130",
                     versionEndExcluding: "3.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore",
      },
      {
         lang: "es",
         value: "Se ha detectado un fallo en ECE versiones anteriores a 3.4.0, que podría conducir a una divulgación de información confidencial, como las contraseñas de los usuarios y los valores de configuración de los almacenes de claves de Elasticsearch, en registros tales como el registro de auditoría o los registros de despliegue en el clúster de registro y supervisión. Las APIs afectadas son PATCH /api/v1/user y PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore",
      },
   ],
   id: "CVE-2022-23715",
   lastModified: "2024-11-21T06:49:10.000",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-25T18:15:09.760",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.elastic.co/community/security",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-09-28 20:15
Modified
2024-11-21 06:49
Summary
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
Impacted products
Vendor Product Version
elastic elastic_cloud_enterprise *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB999B53-7191-465C-B5DF-CF033C23670B",
                     versionEndExcluding: "3.1.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.",
      },
      {
         lang: "es",
         value: "Se ha detectado un fallo en ECE versiones anteriores a 3.1.1, que podía conllevar a una revelación de la clave privada de firma de SAML usada para las funciones RBAC, en los registros de despliegue del clúster de registro y supervisión",
      },
   ],
   id: "CVE-2022-23716",
   lastModified: "2024-11-21T06:49:10.117",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-09-28T20:15:11.307",
   references: [
      {
         source: "bressers@elastic.co",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
      },
      {
         source: "bressers@elastic.co",
         tags: [
            "Product",
         ],
         url: "https://www.elastic.co/community/security/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.elastic.co/community/security/",
      },
   ],
   sourceIdentifier: "bressers@elastic.co",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "bressers@elastic.co",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2018-3825
Vulnerability from cvelistv5
Published
2018-09-19 19:00
Modified
2024-08-05 04:57
Severity ?
Summary
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
Impacted products
Vendor Product Version
Elastic Elastic Cloud Enterprise (ECE) Version: before 1.1.4
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:57:24.044Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Elastic Cloud Enterprise (ECE)",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "before 1.1.4",
                  },
               ],
            },
         ],
         datePublic: "2018-06-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-321",
                     description: "CWE-321: Use of Hard-coded Cryptographic Key",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-19T18:57:01",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.elastic.co/community/security",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@elastic.co",
               ID: "CVE-2018-3825",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Elastic Cloud Enterprise (ECE)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 1.1.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Elastic",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-321: Use of Hard-coded Cryptographic Key",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.elastic.co/community/security",
                     refsource: "CONFIRM",
                     url: "https://www.elastic.co/community/security",
                  },
                  {
                     name: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                     refsource: "CONFIRM",
                     url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2018-3825",
      datePublished: "2018-09-19T19:00:00",
      dateReserved: "2018-01-02T00:00:00",
      dateUpdated: "2024-08-05T04:57:24.044Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-23715
Vulnerability from cvelistv5
Published
2022-08-25 17:25
Modified
2024-08-03 03:51
Severity ?
Summary
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
Impacted products
Vendor Product Version
Elastic Elastic Cloud Enterprise Version: Versions through 3.4.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:51:45.962Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Elastic Cloud Enterprise",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "Versions through 3.4.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-25T17:25:42",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.elastic.co/community/security",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@elastic.co",
               ID: "CVE-2022-23715",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Elastic Cloud Enterprise",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions through 3.4.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Elastic",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-532",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.elastic.co/community/security",
                     refsource: "MISC",
                     url: "https://www.elastic.co/community/security",
                  },
                  {
                     name: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
                     refsource: "MISC",
                     url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2022-23715",
      datePublished: "2022-08-25T17:25:42",
      dateReserved: "2022-01-19T00:00:00",
      dateUpdated: "2024-08-03T03:51:45.962Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-23716
Vulnerability from cvelistv5
Published
2022-09-28 19:34
Modified
2024-08-03 03:51
Severity ?
Summary
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
Impacted products
Vendor Product Version
Elastic Elastic Cloud Enterprise Version: Versions through 3.1.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:51:46.064Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Elastic Cloud Enterprise",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "Versions through 3.1.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532: Insertion of Sensitive Information into Log File",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-28T19:34:00",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.elastic.co/community/security/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@elastic.co",
               ID: "CVE-2022-23716",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Elastic Cloud Enterprise",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions through 3.1.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Elastic",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-532: Insertion of Sensitive Information into Log File",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.elastic.co/community/security/",
                     refsource: "MISC",
                     url: "https://www.elastic.co/community/security/",
                  },
                  {
                     name: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
                     refsource: "MISC",
                     url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2022-23716",
      datePublished: "2022-09-28T19:34:00",
      dateReserved: "2022-01-19T00:00:00",
      dateUpdated: "2024-08-03T03:51:46.064Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-31418
Vulnerability from cvelistv5
Published
2023-10-26 17:36
Modified
2024-08-02 14:53
Summary
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
Impacted products
Vendor Product Version
Elastic Elasticsearch Version: 7.17.12
Version: 8.0.0   
Version: 2.13.3   
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:53:30.904Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231130-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Elasticsearch",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "7.17.12",
                  },
                  {
                     lessThan: "8.8.2",
                     status: "affected",
                     version: "8.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.6.0",
                     status: "affected",
                     version: "2.13.3",
                     versionType: "semver",
                  },
               ],
            },
         ],
         datePublic: "2023-09-22T11:52:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.",
                  },
               ],
               value: "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400: Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-26T17:36:42.723Z",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               url: "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616",
            },
            {
               url: "https://www.elastic.co/community/security",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231130-0005/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Elasticsearch uncontrolled resource consumption",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2023-31418",
      datePublished: "2023-10-26T17:36:42.723Z",
      dateReserved: "2023-04-27T18:54:56.704Z",
      dateUpdated: "2024-08-02T14:53:30.904Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-3829
Vulnerability from cvelistv5
Published
2018-09-19 19:00
Modified
2024-08-05 04:57
Severity ?
Summary
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
Impacted products
Vendor Product Version
Elastic Elastic Cloud Enterprise Version: before 1.1.4
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:57:23.572Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Elastic Cloud Enterprise",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "before 1.1.4",
                  },
               ],
            },
         ],
         datePublic: "2018-06-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-285",
                     description: "CWE-285: Improper Authorization",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-19T18:57:01",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.elastic.co/community/security",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@elastic.co",
               ID: "CVE-2018-3829",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Elastic Cloud Enterprise",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 1.1.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Elastic",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-285: Improper Authorization",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.elastic.co/community/security",
                     refsource: "CONFIRM",
                     url: "https://www.elastic.co/community/security",
                  },
                  {
                     name: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                     refsource: "CONFIRM",
                     url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2018-3829",
      datePublished: "2018-09-19T19:00:00",
      dateReserved: "2018-01-02T00:00:00",
      dateUpdated: "2024-08-05T04:57:23.572Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-3828
Vulnerability from cvelistv5
Published
2018-09-19 19:00
Modified
2024-08-05 04:57
Severity ?
Summary
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
Impacted products
Vendor Product Version
Elastic Elastic Cloud Enterprise Version: before 1.1.4
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:57:24.513Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.elastic.co/community/security",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Elastic Cloud Enterprise",
               vendor: "Elastic",
               versions: [
                  {
                     status: "affected",
                     version: "before 1.1.4",
                  },
               ],
            },
         ],
         datePublic: "2018-06-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532: Information Exposure Through Log Files",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-19T18:57:01",
            orgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            shortName: "elastic",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.elastic.co/community/security",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@elastic.co",
               ID: "CVE-2018-3828",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Elastic Cloud Enterprise",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 1.1.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Elastic",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-532: Information Exposure Through Log Files",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.elastic.co/community/security",
                     refsource: "CONFIRM",
                     url: "https://www.elastic.co/community/security",
                  },
                  {
                     name: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                     refsource: "CONFIRM",
                     url: "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
      assignerShortName: "elastic",
      cveId: "CVE-2018-3828",
      datePublished: "2018-09-19T19:00:00",
      dateReserved: "2018-01-02T00:00:00",
      dateUpdated: "2024-08-05T04:57:24.513Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}