Lucene search
ElasticCVELIST:CVE-2018-3831HistorySep 19, 2018 - 7:00 p.m.
CVE-2018-3831
2018-09-1919:00:00
CWE-200
elastic
www.cve.org
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
CNA Affected
[
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.12 and 6.4.1"
}
]
}
]Related
osv
osv
CVE-2018-3831
2018-09-19 19:29:01
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-13 01:27:27
prion
prion
Information disclosure
2018-09-19 19:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-13 01:27:27
nvd
nvd
CVE-2018-3831
2018-09-19 19:29:01
nessus
nessus
Elasticsearch ESA-2018-15
2018-09-24 00:00:00
Photon OS 1.0: Elasticsearch PHSA-2019-1.0-0205
2019-03-18 00:00:00
redhatcve
redhatcve
CVE-2018-3831
2018-09-24 20:50:41
veracode
veracode
Information Disclosure
2018-09-26 06:29:44
cve
cve
CVE-2018-3831
2018-09-19 19:29:01
openvas
openvas
ubuntucve
ubuntucve
CVE-2018-3831
2018-09-19 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0116
2018-12-26 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0205
2019-02-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-0205
2019-02-04 00:00:00
redhat
redhat
(RHSA-2020:3192) Important: Red Hat Fuse 7.7.0 release and security update
2020-07-28 15:50:16