CVE-2022-23716

CVSS 5.3 MEDIUMEPSS 0.5%CWE-532

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Elastic · Elastic Cloud Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317 https://www.elastic.co/community/security/