cbcvebase.
CVE-2018-3831
published 2018-09-19

CVE-2018-3831: Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The…

PriorityP347high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.98%
78.1th percentile
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.

Affected

3 ranges
VendorProductVersion rangeFixed in
elasticelasticsearch
elasticelasticsearch>= 5.6.0 < 5.6.125.6.12
elasticelasticsearch>= 6.0.0 < 6.4.16.4.1

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.