Elastic Cloud Enterprise
CVE-2018-3825
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.
AnalysisAI
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-321. In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known. Affected products include: Elastic Elastic Cloud Enterprise. Version information: prior to 1.1.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Elastic Cloud Enterprise
View allIt was identified that under certain specific preconditions, an API key that was originally created with a specific priv
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Rated high severity (CV
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severit
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwo
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on ne
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today