CVE-2018-3827 - Credentials Management vulnerability in Elastic Azure Repository 6.0.0

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, elastic, CWE-255, nessus

Summary

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level, Azure credentials can be inadvertently logged.

Vulnerable Configurations

Part: Application
Description: Elastic
Count: 3

Common Weakness Enumeration (CWE)

Nessus

NASL family: CGI abuses
NASL id: ELASTICSEARCH_ESA_2018_11.NASL
description: A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level, Azure credentials can be inadvertently logged.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 112046
published: 2018-08-22
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/112046
title: Elasticsearch ESA-2018-11