Elastic Cloud Enterprise@* Security Vulnerabilities and Issues — Elastic Cloud Enterprise@* CVE List

Lucene search

ElasticElastic Cloud Enterprise*

3 matches found

CVE•added 2018/09/19 7:29 p.m.•50 views

CVE-2018-3825

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper ...

5.9CVSS5.5AI score0.00129EPSS

CVE•added 2018/09/19 7:29 p.m.•46 views

CVE-2018-3828

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to t...

7.5CVSS7.3AI score0.0019EPSS

CVE•added 2018/09/19 7:29 p.m.•40 views

CVE-2018-3829

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to g...

5.3CVSS5.4AI score0.0022EPSS