CVE-2018-3827

CVE-2018-3827

Vendor Elastic
Product Elasticsearch
Weakness CWE-532 · Sensitive info in logs
Published September 19, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

Key dates

02Disclosure timeline

September 19, 2018 CVE published
August 5, 2024 Record updated