CVE-2017-8444

EPSS 0.12%
Published 29.09.2017 01:34:50
Last modified 20.04.2025 01:37:25
Source bressers@elastic.co
Teams watchlist Login
Open Login

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Elasticsearch ≫ Cloud Enterprise Version1.0.0

Elasticsearch ≫ Cloud Enterprise Version1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.282

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8444

EUVD