Описание
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (исключая)
cpe:2.3:a:elastic:elastic_cloud_on_kubernetes:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00352
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-335
CWE-335
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
EPSS
Процентиль: 57%
0.00352
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-335
CWE-335