The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: elastic
Published: 2017-09-28T19:00:00
Updated: 2017-09-28T18:57:02
Reserved: 2017-05-02T00:00:00
Link: CVE-2017-8444
JSON object: View
NVD Information
Status : Modified
Published: 2017-09-29T01:34:50.547
Modified: 2019-10-09T23:30:14.487
Link: CVE-2017-8444
JSON object: View
Redhat Information
No data.