CVE-2022-23716

MEDIUM5.3Info disclosure

Description

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

Elastic / Elastic Cloud EnterpriseVersions through 3.1.1 – Versions through 3.1.1

References

MISChttps://www.elastic.co/community/security/
MISChttps://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317