CVE-2018-3825

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778	Vendor Advisory
https://www.elastic.co/community/security	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-19 19:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-3825

Mitre link : CVE-2018-3825

CVE.ORG link : CVE-2018-3825

JSON object : View

Products Affected

elastic

elastic_cloud_enterprise

CWE

CWE-1188

Insecure Default Initialization of Resource

CWE-321

Use of Hard-coded Cryptographic Key

{"id": "CVE-2018-3825", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-09-19T19:29:00.500", "references": [{"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."}, {"lang": "es", "value": "En Elastic Cloud Enterprise (ECE) en versiones anteriores a la 1.1.4, una clave de cifrado maestra por defecto se utiliza en el proceso de concesi\u00f3n de acceso de Zookeeper a los cl\u00fasters de Elasticsearch. A no ser que est\u00e9 expl\u00edcitamente sobrescrito, esta clave maestra es predecible en todos los despliegues ECE. Si un atacante puede conectar directamente con ZooKeeper, podr\u00eda acceder a la informaci\u00f3n de configuraci\u00f3n de otros inquilinos si el ID del cl\u00faster es conocido."}], "lastModified": "2019-10-09T23:40:40.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBE5D901-05D3-4C30-BFCC-764132574714", "versionEndExcluding": "1.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}