CVE-2022-23716
First published: Wed Sep 28 2022(Updated: )
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Elastic Cloud Enterprise | <3.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID of this flaw is CVE-2022-23716.
What software version is affected by this flaw?
ECE before version 3.1.1 is affected by this flaw.
What is the severity of CVE-2022-23716?
The severity of CVE-2022-23716 is medium with a CVSS score of 5.3.
What is the impact of this flaw?
This flaw could lead to the disclosure of the SAML signing private key used for the RBAC features.
How can I fix CVE-2022-23716?
You can fix CVE-2022-23716 by updating to ECE version 3.1.1 or higher.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elastic
- canonical/elastic elastic cloud enterprise