CVE-2018-3829

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
Configurations

Configuration 1

cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*

Information

Published : 2018-09-19 07:29

Updated : 2019-10-09 11:40


NVD link : CVE-2018-3829

Mitre link : CVE-2018-3829

Products Affected
No products.
CWE
CWE-290

Authentication Bypass by Spoofing