Vulnerability Monitor

CVE-2022-23715


A flaw was discovered in Elastic Cloud Enterprise (ECE) before 3.4.0 that might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore.


Published

2022-08-25T18:15:09.760

Last Modified

2024-11-21T06:49:10.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-532
  • Type: Primary
    CWE-532

Affected Vendors & Products
Type         Vendor   Product                   Version/Range  Vulnerable?
Application  elastic  elastic_cloud_enterprise  < 3.4.0        Yes