CVE-2022-23715
MEDIUMElastic Cloud Enterprise < 3.4.0 - Log Information Exposure
Title source: ruleDescription
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.elastic.co/community/security
Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825
Scores
CVSS v3
6.5
EPSS
0.0028
EPSS Percentile
51.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
elastic/elastic_cloud_enterprise
< 3.4.0
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026