CVE-2017-8444 Vulnerability Details

  /     /     /  

CVE-2017-8444 Metadata Quick Info

CVE Published: 28/09/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: elastic | Vendor: Elastic | Product: Elastic Cloud Enterprise
Status : PUBLISHED

---

CVE-2017-8444 Description

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-319
CWE Name: CWE-319: Cleartext Transmission of Sensitive Information
Source: Elastic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).