Описание
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
Уязвимые конфигурации
Одно из
EPSS
4.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
It was discovered by Elastic engineering that when elasticsearch-certu ...
Elasticsearch stores private key on disk unencrypted
EPSS
4.9 Medium
CVSS3
7.5 High
CVSS3