CVE-2018-3827

high

Description

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

References

https://www.elastic.co/community/security

https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777

Details

Source: Mitre, NVD

Published: 2018-09-19

Updated: 2020-09-18

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High