VYPR
Unrated severityNVD Advisory· Published Aug 25, 2022· Updated Aug 3, 2024

CVE-2022-23715

CVE-2022-23715

Description

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elastic/Cloud Enterprisellm-fuzzy2 versions
    <3.4.0+ 1 more
    • (no CPE)range: <3.4.0
    • (no CPE)range: Versions through 3.4.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.