← volver
CVE-2022-23715

CVE-2022-23715

EPSS 0.7%CWE-532
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
Productos afectados
Elastic · Elastic Cloud Enterprise

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825https://www.elastic.co/community/security