{"api_version":"1","generated_at":"2026-04-23T05:58:05+00:00","cve":"CVE-2022-23716","urls":{"html":"https://cve.report/CVE-2022-23716","api":"https://cve.report/api/cve/CVE-2022-23716.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-23716","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-23716"},"summary":{"title":"CVE-2022-23716","description":"A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.","state":"PUBLIC","assigner":"security@elastic.co","published_at":"2022-09-28 20:15:00","updated_at":"2022-09-30 18:14:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://www.elastic.co/community/security/","name":"https://www.elastic.co/community/security/","refsource":"MISC","tags":[],"title":"Security issues | Elastic","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317","name":"https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317","refsource":"MISC","tags":[],"title":"Elastic Cloud Enterprise 3.1.1 Security Update - Security Announcements - Discuss the Elastic Stack","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-23716","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23716","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"23716","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"elastic","cpe5":"elastic_cloud_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_format":"MITRE","data_type":"CVE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"security@elastic.co","ID":"CVE-2022-23716","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Elastic","product":{"product_data":[{"product_name":"Elastic Cloud Enterprise","version":{"version_data":[{"version_value":"Versions through 3.1.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-532: Insertion of Sensitive Information into Log File"}]}]},"references":{"reference_data":[{"url":"https://www.elastic.co/community/security/","refsource":"MISC","name":"https://www.elastic.co/community/security/"},{"url":"https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317","refsource":"MISC","name":"https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster."}]}},"nvd":{"publishedDate":"2022-09-28 20:15:00","lastModifiedDate":"2022-09-30 18:14:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"23716","Ordinal":"226578","Title":"CVE-2022-23716","CVE":"CVE-2022-23716","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"23716","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}