PT-2017-18336 · Elastic · Cloud Enterprise

Published: 2017-09-28 · Updated: 2019-10-09 · CVE-2017-8444

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Elastic Cloud Enterprise versions prior to 1.0.2

Description: The issue concerns the client-forwarder in Elastic Cloud Enterprise, which does not properly encrypt traffic to ZooKeeper. This could allow an attacker to obtain sensitive data if they are able to perform a man-in-the-middle (MITM) attack on the traffic between the client-forwarder and ZooKeeper.

Recommendations: For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ZooKeeper endpoint to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related identifiers

CVE-2017-8444

Affected products

Cloud Enterprise