CVE-2018-3828
First published: Wed Sep 19 2018(Updated: )
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Elastic Cloud Enterprise | <1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-3828?
CVE-2018-3828 is an information exposure vulnerability in Elastic Cloud Enterprise (ECE) versions prior to 1.1.4.
What is the severity of CVE-2018-3828?
The severity of CVE-2018-3828 is high, with a CVSS score of 7.5.
How does CVE-2018-3828 affect Elastic Cloud Enterprise?
CVE-2018-3828 affects Elastic Cloud Enterprise versions prior to 1.1.4 and can result in the leakage of encryption keys, passwords, and security sensitive headers.
How can I fix CVE-2018-3828?
To fix CVE-2018-3828, it is recommended to update Elastic Cloud Enterprise to version 1.1.4 or later.
Where can I find more information about CVE-2018-3828?
More information about CVE-2018-3828 can be found at the following references: [link1](https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778), [link2](https://www.elastic.co/community/security)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elastic
- canonical/elastic elastic cloud enterprise