Medium severity5.9NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-3825
CVE-2018-3825
Description
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.1.4+ 1 more
- (no CPE)range: <1.1.4
- (no CPE)range: before 1.1.4
Patches
Vulnerability mechanics
References
2- discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778nvdVendor Advisory
- www.elastic.co/community/securitynvdVendor Advisory
News mentions
0No linked articles in our index yet.