CVE-2022-23715
First published: Thu Aug 25 2022(Updated: )
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Elastic Cloud Enterprise | <3.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2022-23715.
What is the severity of CVE-2022-23715?
The severity of CVE-2022-23715 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2022-23715?
The affected software for CVE-2022-23715 is Elastic Cloud Enterprise before 3.4.0.
What is the impact of CVE-2022-23715?
CVE-2022-23715 could lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs.
How can I mitigate CVE-2022-23715?
To mitigate CVE-2022-23715, it is recommended to update Elastic Cloud Enterprise to version 3.4.0 or newer.
- collector/nvd-index
- vendor/elastic
- canonical/elastic elastic cloud enterprise