CVE-2017-8444
MEDIUMElastic Cloud Enterprise < 1.0.2 - Cleartext Transmission of Sensitive Information to ZooKeeper
Title source: llmDescription
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247
Scores
CVSS v3
5.9
EPSS
0.0012
EPSS Percentile
30.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (3)
Elastic/Elastic Cloud Enterprise
1.0.0 and 1.0.1
elasticsearch/cloud_enterprise
1.0.0
elasticsearch/cloud_enterprise
1.0.1
Published
Sep 29, 2017
Tracked Since
Feb 18, 2026