Vulnerability Description
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Elastic Cloud Enterprise | < 3.1.1 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/3153Release NotesVendor Advisory
- https://www.elastic.co/community/security/Product
- https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/3153Release NotesVendor Advisory
- https://www.elastic.co/community/security/Product
FAQ
What is CVE-2022-23716?
CVE-2022-23716 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
How severe is CVE-2022-23716?
CVE-2022-23716 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23716?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Elastic Cloud Enterprise.