A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317 | Release Notes Vendor Advisory |
https://www.elastic.co/community/security/ | Product |
Configurations
History
30 Sep 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317 - Release Notes, Vendor Advisory | |
References | (MISC) https://www.elastic.co/community/security/ - Product | |
First Time |
Elastic elastic Cloud Enterprise
Elastic |
|
CPE | cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:* | |
CWE | CWE-532 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
28 Sep 2022, 20:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-28 20:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23716
Mitre link : CVE-2022-23716
CVE.ORG link : CVE-2022-23716
JSON object : View
Products Affected
elastic
- elastic_cloud_enterprise
CWE
CWE-532
Insertion of Sensitive Information into Log File