CVE-2017-8444
Summary
| CVE | CVE-2017-8444 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-09-29 01:34:00 UTC |
| Updated | 2019-10-09 23:30:00 UTC |
| Description | The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Elasticsearch | Cloud Enterprise | 1.0.0 | All | All | All |
| Application | Elasticsearch | Cloud Enterprise | 1.0.1 | All | All | All |
| Application | Elasticsearch | Cloud Enterprise | 1.0.0 | All | All | All |
| Application | Elasticsearch | Cloud Enterprise | 1.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Elastic Cloud Enterprise 1.0.2 security update - Security Announcements - Discuss the Elastic Stack | MISC | discuss.elastic.co | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.