Unrated severityNVD Advisory· Published Aug 25, 2022· Updated Aug 3, 2024
CVE-2022-23715
CVE-2022-23715
Description
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.4.0+ 1 more
- (no CPE)range: <3.4.0
- (no CPE)range: Versions through 3.4.0
Patches
Vulnerability mechanics
References
2- discuss.elastic.co/t/elastic-cloud-enterprise-3-4-0-security-update/312825mitrex_refsource_MISC
- www.elastic.co/community/securitymitrex_refsource_MISC
News mentions
0No linked articles in our index yet.