CVE-2018-3827

Summary

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

Affected Software

VendorProductVersion RangeStatus
ElasticElasticsearchbefore 6.3.0affected

Weaknesses

  • CWE-532: CWE-532: Information Exposure Through Log Files

ADP Enrichment

CVE Program Container

Additional References

References