Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
CVSS Information
N/A
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Elastic Cloud Enterprise 安全漏洞
Vulnerability Description
Elastic Cloud Enterprise(ECE)是荷兰Elasticsearch公司的一套用于管理、监控和配置Elasticsearch、Kibana和X-Pack的软件包。 ECE 1.1.4版本中存在安全漏洞,该漏洞源于在授权ZooKeeper访问Elasticsearch集群的过程中程序使用了默认的master加密密钥,除非被明确地覆盖,否则该master密钥在所有的ECE部署范围内都是可预测的。攻击者可通过获取其他租户的集群ID并通过直接连接ZooKeeper利用该漏洞访问租户的配置信息
CVSS Information
N/A
Vulnerability Type
N/A