cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37282,https://securityvulnerability.io/vulnerability/CVE-2024-37282,Elevated Privileges Granted Through API Key Reuse,"A security issue has been identified within Elastic Cloud Enterprise, where an API key initially created with limited privileges can be exploited to generate new API keys with elevated privileges. This vulnerability can potentially allow unauthorized access to sensitive operations and resources, posing significant risks to data integrity and security. Organizations utilizing Elastic Cloud Enterprise are advised to take immediate steps to review their key management practices and apply necessary updates or patches to mitigate this risk.",Elastic,Elastic Cloud Enterprise,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-28T04:58:18.200Z,0
CVE-2022-23716,https://securityvulnerability.io/vulnerability/CVE-2022-23716,SAML Private Key Disclosure in Elastic Cloud Enterprise by Elastic,"A vulnerability has been identified in Elastic Cloud Enterprise prior to version 3.1.1 that allows for potential exposure of the SAML signing private key. This sensitive information can be found in the deployment logs of the Logging and Monitoring cluster, jeopardizing the security of Role-Based Access Control (RBAC) features. Proper precautions and updates are essential to mitigate the risks associated with this security flaw.",Elastic,Elastic Cloud Enterprise,5.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-09-28T19:34:00.000Z,0
CVE-2022-23715,https://securityvulnerability.io/vulnerability/CVE-2022-23715,Sensitive Information Disclosure in ECE by Elastic,"A security flaw exists in Elastic Cloud Enterprise (ECE) prior to version 3.4.0 that can expose sensitive information such as user passwords and Elasticsearch keystore settings in logs like audit logs or deployment logs. This vulnerability primarily affects the PATCH APIs for user management and Elasticsearch keystore management, potentially leading to unauthorized access to sensitive data.",Elastic,Elastic Cloud Enterprise,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-08-25T17:25:42.000Z,0
CVE-2018-3828,https://securityvulnerability.io/vulnerability/CVE-2018-3828,,"Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to the logging cluster may obtain leaked credentials and perform authenticated actions using these credentials.",Elastic,Elastic Cloud Enterprise,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-09-19T19:00:00.000Z,0
CVE-2018-3829,https://securityvulnerability.io/vulnerability/CVE-2018-3829,,In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data.,Elastic,Elastic Cloud Enterprise,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2018-09-19T19:00:00.000Z,0
CVE-2018-3825,https://securityvulnerability.io/vulnerability/CVE-2018-3825,,"In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.",Elastic,Elastic Cloud Enterprise (ece),5.9,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2018-09-19T19:00:00.000Z,0
CVE-2017-8444,https://securityvulnerability.io/vulnerability/CVE-2017-8444,,The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 does not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.,Elastic,Elastic Cloud Enterprise,5.9,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2017-09-29T01:34:00.000Z,0