CVE-2017-8444
First published: Thu Sep 28 2017(Updated: )
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Cloud Enterprise | =1.0.0 | |
| Elastic Cloud Enterprise | =1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-8444?
CVE-2017-8444 has a medium severity rating due to the risk of man-in-the-middle attacks leading to data exposure.
How do I fix CVE-2017-8444?
To resolve CVE-2017-8444, upgrade Elastic Cloud Enterprise to version 1.0.2 or later, which includes proper encryption for traffic to ZooKeeper.
What specific versions of Elastic Cloud Enterprise are affected by CVE-2017-8444?
CVE-2017-8444 affects Elastic Cloud Enterprise versions 1.0.0 and 1.0.1.
What type of attack can exploit CVE-2017-8444?
CVE-2017-8444 can be exploited through a man-in-the-middle (MITM) attack, allowing unauthorized access to sensitive data.
Is sensitive data at risk with CVE-2017-8444?
Yes, CVE-2017-8444 exposes sensitive data during unencrypted traffic between the client-forwarder and ZooKeeper.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/elasticsearch
- canonical/elastic cloud enterprise
- version/elastic cloud enterprise/1.0.0
- version/elastic cloud enterprise/1.0.1