QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8444

Published: Sep 28, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Vendor	Product	Versions
Elastic	Elastic Cloud Enterprise	affected `1.0.0 and 1.0.1`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.