ID:

CVE-2018-3831 (NVD)

- Vulnerability Info (edit)
2018-09-19

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.

Products Elasticsearch
Type Information Exposure (CWE-200)
First patch - None (likely due to unavailable code)
Links https://www.elastic.co/community/security
https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
Annotation

Note:

No patch was assigned yet.