Published: 19/09/2018 Updated: 07/04/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Elasticsearch Alerting and Monitoring in versions prior to 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elastic elasticsearch

Synopsis Important: Red Hat Fuse 770 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 76 to 77) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Produc ...

Elasticsearch Alerting and Monitoring in versions before 641 or 5612 have an information disclosure issue when secrets are configured via the API The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames This could allow an authenticated Elasticsearch user to ...

CWE-200 https://www.elastic.co/community/security https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035 https://access.redhat.com/errata/RHSA-2020:3192 https://nvd.nist.gov

CVE-2018-3831

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect