CVE-2018-3828

CVE-2018-3828

Vendor Elastic
Product Elastic Cloud Enterprise
Weakness CWE-532 · Sensitive info in logs
Published September 19, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.

Key dates

02Disclosure timeline

September 19, 2018 CVE published
August 5, 2024 Record updated