CVE-2018-3825

EPSS 0.6%CWE-321

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 set 2018Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

Produtos afetados

Elastic · Elastic Cloud Enterprise (ECE)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778 https://www.elastic.co/community/security