HIGH✓ PATCH🇬🇧 English

CVE-2018-3828

CVSS 7.5v3.0pub. 2018-09-19upd. 2024-11-21

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Elastic Cloud Enterprise

    APP
    Elastic
    < 1.1.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-37729CRITICAL9.1PL ✓ten sam produkt

Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava

CVE-2025-37736HIGH8.8ten sam produkt

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...

CVE-2024-37282HIGH8.1ten sam produkt

It was identified that under certain specific preconditions, an API key that was originally created with a spe...

CVE-2023-31418HIGH7.5ten sam produkt

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...

CVE-2022-23716MEDIUM5.3ten sam produkt

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key us...

CVE-2018-3828 — HIGH 7.5 | CVEbaza.pl