CVE-2018-3829

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise (ECE) versions prior to 1.1.4

Description A security issue was found in Elastic Cloud Enterprise where a user could scale out allocators on new hosts using an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could exploit this to add an allocator to an existing ECE installation, potentially gaining access to other clusters' data.

Recommendations For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue.

Fix

Improper Authorization

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-290

Related Identifiers

CVE-2018-3829

Affected Products

Cloud Enterprise

CVE-2018-3829

Weakness Enumeration

Related Identifiers

Affected Products

References · 4