Lucene search

PRIOn knowledge basePRION:CVE-2022-23715

HistoryAug 25, 2022 - 6:15 p.m.

Design/Logic Flaw

2022-08-2518:15:00

PRIOn knowledge base

www.prio-n.com

flaw

ece before 3.4.0

sensitive information disclosure

user passwords

elasticsearch keystore

audit log

deployment logs

logging and monitoring cluster

patch api

nvd

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore

CPENameOperatorVersion
elastic_cloud_enterpriselt3.4.0

CPE	Name	Operator	Version
	elastic_cloud_enterprise	lt	3.4.0

References

discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825

www.elastic.co/community/security