Vulnerabilities > CVE-2018-3827 - Credentials Management vulnerability in Elastic Azure Repository 6.0.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

elastic

CWE-255

nessus

NVD

Published: 2018-09-19

Updated: 2019-10-09

Summary

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Azure Repository 6.0.0 Elastic Azure Repository *	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Nessus

NASL family	CGI abuses
NASL id	ELASTICSEARCH_ESA_2018_11.NASL
description	A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.
last seen	2020-06-01
modified	2020-06-02
plugin id	112046
published	2018-08-22
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112046
title	Elasticsearch ESA-2018-11

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References