QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3829

Published: Sep 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.

Vendor	Product	Versions
Elastic	Elastic Cloud Enterprise	affected `before 1.1.4`

Weaknesses (CWE)

References

https://www.elastic.co/community/security

x_refsource_CONFIRM

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.