CVE-2022-23716 — Log File Information Exposure in Cloud Enterprise

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elastic Cloud Enterprise

Timeline

PublishedSep 28

Latest updateSep 29

Description

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDelastic/elastic_cloud_enterprise< 3.1.1

▶CVEListV5elastic/elastic_cloud_enterpriseVersions through 3.1.1

🔴Vulnerability Details

GHSA

GHSA-59wm-xj7c-3vq4: A flaw was discovered in ECE before 3↗2022-09-29

▶

CVEList

CVE-2022-23716: A flaw was discovered in ECE before 3↗2022-09-28

▶