Lucene search
+L
ElasticElastic Cloud Enterprise

9 matches found

CVE
CVE
added 2022/08/25 5:25 p.m.664 views

CVE-2022-23715

CVE-2022-23715 affects Elastic Cloud Enterprise (ECE) prior to 3.4.0. A flaw in the Logging and Monitoring cluster may cause disclosure of sensitive information (e.g., user passwords and Elasticsearch keystore values) in logs. The vulnerable endpoints are PATCH /api/v1/user and PATCH /deployments...

6.5CVSS6.2AI score0.00675EPSS
Web
CVE
CVE
added 2023/10/26 5:36 p.m.282 views

CVE-2023-31418

The CVE-2023-31418 entry concerns Elastic Elasticsearch. It describes an unauthenticated remote vulnerability in the HTTP layer where sending a moderate number of malformed HTTP requests can cause an Elasticsearch node to exit with an OutOfMemory error, i.e., uncontrolled resource consumption lea...

7.5CVSS7.3AI score0.01232EPSS
CVE
CVE
added 2024/06/28 4:58 a.m.94 views

CVE-2024-37282

CVE-2024-37282 affects Elastic Cloud Enterprise (ECE) where, under certain preconditions, an API key created with limited privileges could be used to create new API keys with elevated privileges. Affected versions are ECE after 3.0.0 and before 3.7.2. The mitigation is to upgrade to version 3.7.2...

9.8CVSS6.9AI score0.00603EPSS
CVE
CVE
added 2018/09/19 7:0 p.m.62 views

CVE-2018-3825

The CVE-2018-3825 entry concerns Elastic Cloud Enterprise (ECE) before version 1.1.4, where a default master encryption key is used when granting ZooKeeper access to Elasticsearch clusters. The key is described as predictable across deployments unless overwritten, enabling an attacker who can con...

5.9CVSS5.5AI score0.00555EPSS
CVE
CVE
added 2018/09/19 7:0 p.m.62 views

CVE-2018-3828

Elastic Cloud Enterprise (ECE) prior to version 1.1.4 contains an information exposure vulnerability where certain exception conditions can leak encryption keys, passwords, and other sensitive headers to allocator logs. An attacker with access to the logging cluster could obtain leaked credential...

7.5CVSS7.3AI score0.00513EPSS
CVE
CVE
added 2022/09/28 7:34 p.m.58 views

CVE-2022-23716

The CVE-2022-23716 entry pertains to Elastic Cloud Enterprise (ECE) before 3.1.1, where the SAML signing private key used for RBAC could be disclosed via deployment logs in the Logging and Monitoring cluster. Connected sources confirm affected product/version and the root cause (private key expos...

5.3CVSS5.2AI score0.00532EPSS
CVE
CVE
added 2018/09/19 7:0 p.m.55 views

CVE-2018-3829

CVE-2018-3829 affects Elastic Cloud Enterprise (ECE) - versions prior to 1.1.4. The issue allows a user to scale out allocators on new hosts using an invalid roles token. An attacker with access to the previous runner ID and the coordinator-host IP could add an allocator to an existing ECE instal...

5.3CVSS5.4AI score0.0077EPSS
CVE
CVE
added 2025/11/07 10:8 p.m.54 views

CVE-2025-37736

Summary: CVE-2025-37736 is an Improper Authorization flaw in Elastic Cloud Enterprise (ECE) that can enable privilege escalation where a built-in readonly user may call APIs that should be disallowed. Affected endpoints (examples): /platform/configuration/security/service-accounts (POST/DELETE/…)...

8.8CVSS6.4AI score0.00324EPSS
Web
CVE
CVE
added 2025/10/13 1:47 p.m.27 views

CVE-2025-37729

Elastic Cloud Enterprise (ECE) is affected by CVE-2025-37729 due to improper neutralization of Jinjava template elements. The issue allows a user with Admin access to exfiltrate sensitive information and issue commands through a specially crafted string that causes Jinjava variables to be evaluat...

9.1CVSS6.3AI score0.00578EPSS