CVE-2022-23715

State: PUBLISHED · Published: 2022-08-25 · Updated: 2024-08-03 · Assigner: elastic

Description

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore

CWE

CWE-532 — CWE-532

Affected

Elastic / Elastic Cloud Enterprise — v=Versions through 3.4.0 [affected]

CVSS

(none)

References

https://www.elastic.co/community/security x_refsource_MISC
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825 x_refsource_MISC

Source

cvelistV5-main/cves/2022/23xxx/CVE-2022-23715.json