MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2022-23716

CVSS 5.3v3.1pub. 2022-09-28upd. 2025-05-21

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Elastic Cloud Enterprise

    APP
    Elastic
    < 3.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-37729CRITICAL9.1PL ✓ten sam produkt

Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava

CVE-2025-37736HIGH8.8ten sam produkt

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...

CVE-2024-37282HIGH8.1ten sam produkt

It was identified that under certain specific preconditions, an API key that was originally created with a spe...

CVE-2023-31418HIGH7.5ten sam produkt

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...

CVE-2018-3828HIGH7.5ten sam produkt

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was d...