14 matches found
CLEANSTART-2026-LO88261 Within HostnameError
Multiple security vulnerabilities affect the eck-operator package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-GU65783 Within HostnameError
Multiple security vulnerabilities affect the eck-operator package. Within HostnameError. See references for individual vulnerability details...
CVE-2023-31416
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
Code injection
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416
The CVE-2023-31416 issue affects Elastic Cloud on Kubernetes (ECK) before 2.8 when used with APM Server 8.0 or later. The root cause is that the secret token configuration is not applied, which could allow anonymous requests to be accepted and lead to data ingestion into the APM deployment. Affec...
CVE-2020-7010
Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...
Stack overflow
Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...
CVE-2020-7010
CVE-2020-7010 affects Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0. The issue is a weak random number generator used to generate Elasticsearch credentials, which can enable easier brute-forcing if an attacker can determine when the cluster was deployed. Affected text from connected s...
Insecure Random Number Generator
github.com/elastic/cloud-on-k8s uses an insecure random number generator. Passwords are generated using an insecure random number generator, which would allow an attacker to easily brute-force and discover the Elasticsearch credentials generated by ECK...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author: Mustafa Emre Gül...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author: Mustafa Emre Gül Website: https://emregul.com.tr/ Tested...
ECK Hotel 1.0 Cross Site Request Forgery
Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author: Mustafa Emre Gül Website: https://emregul.com.tr/ Tested...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...