Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2018-09-19T19:00:00
Updated: 2024-08-05T04:57:24.076Z
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-3831
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-19T19:29:01.343
Modified: 2024-11-21T04:06:07.347
Link: CVE-2018-3831
Redhat