Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
oryginał ENCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HElastic Cloud Enterprise
APPElastic< 1.1.4
Powiązane podatności
Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...
It was identified that under certain specific preconditions, an API key that was originally created with a spe...
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key us...