CVE-2018-3827Log File Information Exposure in Azure Repository

CWE-532Log File Information Exposure3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 47.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elastic Azure RepositoryElastic Elasticsearch
Timeline
PublishedSep 19
Latest updateMay 13

Description

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDelastic/azure_repository6.0.16.2.4+1
CVEListV5elastic/elasticsearchbefore 6.3.0

🔴Vulnerability Details

2
GHSA
GHSA-xc6w-7c69-3cf8: A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin2022-05-13
CVEList
CVE-2018-3827: A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin2018-09-19
CVE-2018-3827 — Log File Information Exposure | cvebase