Vulnerability Information
Vulnerability Title
Elasticsearch elasticsearch-certutil csr fails to encrypt private key
Vulnerability Description
It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Missing Encryption of Sensitive Data
Vulnerability Title
Elastic Elasticsearch Security Vulnerability
Vulnerability Description
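Elastic Elasticsearch is a search engine based on the Lucene library, developed by the Dutch company Elastic. Elastic Elasticsearch 7.x versions before 7.17.23 and 8.x versions before 8.13.0 contain a security vulnerability, which stems from the generated associated private key being stored on disk unencrypted.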
CVSS Information
N/A
Vulnerability Type
N/A