Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
Vulnerability Description
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
Elastic Cloud Enterprise 安全漏洞
Vulnerability Description
Elastic Cloud Enterprise是荷兰Elastic公司的一种云平台。使在云中部署、操作和扩展 Elastic Stack 变得容易。 Elastic Cloud Enterprise存在安全漏洞,该漏洞源于模板引擎中特殊元素中和不当,可能导致管理员权限的攻击者通过特制字符串窃取敏感信息和执行命令。
CVSS Information
N/A
Vulnerability Type
N/A