CVE-2022-23715

{"id": "CVE-2022-23715", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-08-25T18:15:09.760", "references": [{"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore"}, {"lang": "es", "value": "Se ha detectado un fallo en ECE versiones anteriores a 3.4.0, que podr\u00eda conducir a una divulgaci\u00f3n de informaci\u00f3n confidencial, como las contrase\u00f1as de los usuarios y los valores de configuraci\u00f3n de los almacenes de claves de Elasticsearch, en registros tales como el registro de auditor\u00eda o los registros de despliegue en el cl\u00faster de registro y supervisi\u00f3n. Las APIs afectadas son PATCH /api/v1/user y PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore"}], "lastModified": "2024-11-21T06:49:10.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913D8307-3AD1-4A5C-9AE4-B50090E43130", "versionEndExcluding": "3.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}