CVE-2022-23716
MEDIUMElastic Cloud Enterprise < 3.1.1 - Sensitive Information Disclosure in Deployment Logs
Title source: llmDescription
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.elastic.co/community/security/
Release Notes, Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317
Scores
CVSS v3
5.3
EPSS
0.0052
EPSS Percentile
39.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (1)
elastic/elastic_cloud_enterprise
< 3.1.1
Published
Sep 28, 2022
Tracked Since
Feb 18, 2026