CVE-2022-23716

State: PUBLISHED · Published: 2022-09-28 · Updated: 2025-05-21 · Assigner: elastic

Description

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CWE

CWE-532 — CWE-532: Insertion of Sensitive Information into Log File

Affected

Elastic / Elastic Cloud Enterprise — v=Versions through 3.1.1 [affected]

CVSS

(none)

References

https://www.elastic.co/community/security/ x_refsource_MISC
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317 x_refsource_MISC

Source

cvelistV5-main/cves/2022/23xxx/CVE-2022-23716.json