Описание
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.4 (исключая)
cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.0022
Низкий
5.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-285
CWE-290
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
EPSS
Процентиль: 44%
0.0022
Низкий
5.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-285
CWE-290