Medium severity5.9NVD Advisory· Published Sep 29, 2017· Updated May 13, 2026

CVE-2017-8444

Description

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Affected products

Elasticsearch/Cloud Enterprise2 versions
cpe:2.3:a:elasticsearch:cloud_enterprise:1.0.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:elasticsearch:cloud_enterprise:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:cloud_enterprise:1.0.1:*:*:*:*:*:*:*
Elastic/Elastic Cloud Enterprisev5
Range: 1.0.0 and 1.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000