Design/Logic Flaw

2022-09-2820:15:00

PRIOn knowledge base

www.prio-n.com

flaw

ece

security

saml

private key

deployment logs

rbac

logging and monitoring

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CPENameOperatorVersion
elastic_cloud_enterpriselt3.1.1

CPE	Name	Operator	Version
	elastic_cloud_enterprise	lt	3.1.1

References

discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317

www.elastic.co/community/security/