Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic Cloud Enterprise 信息泄露漏洞
Vulnerability Description
Elastic Cloud Enterprise(ECE)是荷兰Elasticsearch公司的一套用于管理、监控和配置Elasticsearch、Kibana和X-Pack的软件包。 ECE 1.1.4之前版本中存在信息泄露漏洞。攻击者可利用该漏洞获取凭证,进而使用这些凭证执行需经身份验证的操作。
CVSS Information
N/A
Vulnerability Type
N/A