A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NElastic Cloud Enterprise
APPElastic< 3.1.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Powiązane podatności
CVE-2025-37729CRITICAL9.1PL ✓ten sam produkt
Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava
CVE-2025-37736HIGH8.8ten sam produkt
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...
CVE-2024-37282HIGH8.1ten sam produkt
It was identified that under certain specific preconditions, an API key that was originally created with a spe...
CVE-2023-31418HIGH7.5ten sam produkt
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
CVE-2018-3828HIGH7.5ten sam produkt
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was d...