📦

elastic_cloud_on_kubernetes

Vendor: elastic

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.27% Exploit Prob.

Latest CVE CVE-2023-31416 Oct 26

Security Vulnerability Index

Page 1 / 1

5.3 CVSS

CVE-2023-31416

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

EPSS: 0.19%

Severity: MEDIUM

Oct 26, 2023

7.5 CVSS

CVE-2020-7010

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.

EPSS: 0.35%

Severity: HIGH

Jun 03, 2020

Displaying 2 of 2 Total Entries

Total 1 Sections