A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NElastic Cloud Enterprise
APPElastic< 3.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2025-37729CRITICAL9.1PL ✓ten sam produkt
Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava
CVE-2025-37736HIGH8.8ten sam produkt
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...
CVE-2024-37282HIGH8.1ten sam produkt
It was identified that under certain specific preconditions, an API key that was originally created with a spe...
CVE-2023-31418HIGH7.5ten sam produkt
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
CVE-2018-3828HIGH7.5ten sam produkt
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was d...