In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

Insertion of Sensitive Information into Log File

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments//keystore

Recent Elastic Cloud Enterprise Security Vulnerabilities

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

Additionally, vulnerabilities may be tagged under a different product or component name. It may take a day or so for new Elastic Cloud Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities.

Right now, Elastic Cloud Enterprise is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year Elastic Cloud Enterprise had 2 security vulnerabilities published. In 2023 there have been 0 vulnerabilities in Elastic Cloud Enterprise.