7.5
CVE-2020-7010
- EPSS 0.35%
- Veröffentlicht 03.06.2020 18:15:22
- Zuletzt bearbeitet 21.11.2024 05:36:29
- Quelle bressers@elastic.co
- Teams Watchlist Login
- Unerledigt Login
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elastic ≫ Elastic Cloud On Kubernetes Version < 1.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.549 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.