CVE-2022-23715

CVE-2022-23715

Vendor Elastic
Product Elastic Cloud Enterprise
Weakness CWE-532 · Sensitive info in logs
Published August 25, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore

Key dates

02Disclosure timeline

August 25, 2022 CVE published
August 3, 2024 Record updated