Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HElastic Cloud Enterprise
APPElastic2.5.0 – 3.8.2 (bez)4.0.0 – 4.0.2 (bez)
Related vulnerabilities
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...
It was identified that under certain specific preconditions, an API key that was originally created with a spe...
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was d...
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key us...