Vulnerabilities > Elastic > Elastic Cloud Enterprise > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-23716 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 5.3 |
| 2022-08-25 | CVE-2022-23715 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. | 6.5 |
| 2018-09-19 | CVE-2018-3829 | Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. | 5.3 |
| 2018-09-19 | CVE-2018-3825 | Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. | 5.9 |