Описание
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:elasticsearch:cloud_enterprise:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:cloud_enterprise:1.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00121
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
EPSS
Процентиль: 32%
0.00121
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
NVD-CWE-noinfo