71 matches found
CVE-2025-37736
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
EUVD-2025-38342
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736 Elastic Cloud Enterprise Improper Authorization
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...
CVE-2025-37736
Summary: CVE-2025-37736 is an Improper Authorization flaw in Elastic Cloud Enterprise (ECE) that can enable privilege escalation where a built-in readonly user may call APIs that should be disallowed. Affected endpoints (examples): /platform/configuration/security/service-accounts (POST/DELETE/…)...
Elastic Cloud Enterprise 安全漏洞
Elastic Cloud Enterprise is a cloud platform from the Dutch company Elastic. It makes it easy to deploy, operate and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise that stems from improper authorization and could lead to elevated privileges...
Elastic Cloud Enterprise (ECE) 3.8.3 and 4.0.3 Security Update (ESA-2025-22)
Elastic Cloud Enterprise Improper Authorizatio n ESA-2025-22 Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is:...
PT-2025-44756
Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...
CVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
EUVD-2025-34069
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
CVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
CVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
CVE-2025-37729
Elastic Cloud Enterprise (ECE) is affected by CVE-2025-37729 due to improper neutralization of Jinjava template elements. The issue allows a user with Admin access to exfiltrate sensitive information and issue commands through a specially crafted string that causes Jinjava variables to be evaluat...
CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...
Elastic Cloud Enterprise (ECE) 3.8.2 and 4.0.2 Security Update (ESA-2025-21)
Elastic Cloud Enterprise ECE Improper Neutralization of Special Elements Used in a Template Engine ESA-2025-21 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise ECE can lead to a malicious actor with Admin access exfiltrating sensitive information a...
Elastic Cloud Enterprise 安全漏洞
Elastic Cloud Enterprise is a cloud platform from the Dutch company Elastic. It makes it easy to deploy, operate and scale Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise that stems from improper neutralization of special elements in the template engine,...
PT-2025-41785
Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise versions 2.5.0 through 3.8.1 Elastic Cloud Enterprise version 4.0.0 through 4.0.1 Description An issue exists in Elastic Cloud Enterprise ECE related to the improper handling of special elements within its template...