CVE-2022-23716

CVSS 5.3 MEDIUMEPSS 0.5%CWE-532

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Sep 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Elastic · Elastic Cloud Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317 https://www.elastic.co/community/security/