CVE-2018-3825 - OpenCVE

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elastic	Elastic Cloud Enterprise

Configuration 1 [-]

cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778
https://www.elastic.co/community/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2018-09-19T19:00:00

Updated: 2024-08-05T04:57:24.044Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3825

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-19T19:29:00.500

Modified: 2019-10-09T23:40:40.233

Link: CVE-2018-3825

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Elastic Cloud Enterprise (ECE)", "vendor": "Elastic", "versions": [{"status": "affected", "version": "before 1.1.4"}]}], "datePublic": "2018-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321: Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-19T18:57:01", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2018-3825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elastic Cloud Enterprise (ECE)", "version": {"version_data": [{"version_value": "before 1.1.4"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-321: Use of Hard-coded Cryptographic Key"}]}]}, "references": {"reference_data": [{"name": "https://www.elastic.co/community/security", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security"}, {"name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", "refsource": "CONFIRM", "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.044Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/community/security"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2018-3825", "datePublished": "2018-09-19T19:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T04:57:24.044Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBE5D901-05D3-4C30-BFCC-764132574714", "versionEndExcluding": "1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known."}, {"lang": "es", "value": "En Elastic Cloud Enterprise (ECE) en versiones anteriores a la 1.1.4, una clave de cifrado maestra por defecto se utiliza en el proceso de concesi\u00f3n de acceso de Zookeeper a los cl\u00fasters de Elasticsearch. A no ser que est\u00e9 expl\u00edcitamente sobrescrito, esta clave maestra es predecible en todos los despliegues ECE. Si un atacante puede conectar directamente con ZooKeeper, podr\u00eda acceder a la informaci\u00f3n de configuraci\u00f3n de otros inquilinos si el ID del cl\u00faster es conocido."}], "id": "CVE-2018-3825", "lastModified": "2019-10-09T23:40:40.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-19T19:29:00.500", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-321"}], "source": "bressers@elastic.co", "type": "Secondary"}]}