CVE-2022-23716

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.

Published: Sep 28, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-23716
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
elastic / elastic_cloud_enterprise	-	3.1.1

https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317
https://www.elastic.co/community/security/

Vulnerability Database

289,697

CVE-2022-23716