High severity8.8NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-3831
CVE-2018-3831
Description
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.elasticsearch:elasticsearchMaven | >= 5.6.0, < 5.6.12 | 5.6.12 |
org.elasticsearch:elasticsearchMaven | >= 6.0.0, < 6.4.1 | 6.4.1 |
Affected products
2- Range: before 5.6.12 and 6.4.1
Patches
Vulnerability mechanics
References
4- discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035nvdMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-r9fv-qpm9-rj4gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3831ghsaADVISORY
- www.elastic.co/community/securitynvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.