CVE-2018-3826 - OpenCVE

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elastic	Elasticsearch

Configuration 1 [-]

OR	cpe:2.3:a:elastic:elasticsearch::::::::
	cpe:2.3:a:elastic:elasticsearch:6.0.0:beta1::::::

No data.

References

Link	Providers
https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777
https://www.elastic.co/community/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2018-09-19T19:00:00

Updated: 2024-08-05T04:57:24.440Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3826

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-19T19:29:00.627

Modified: 2019-10-09T23:40:40.357

Link: CVE-2018-3826

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Elasticsearch", "vendor": "Elastic", "versions": [{"status": "affected", "version": "6.0.0-beta1 to 6.2.4"}]}], "datePublic": "2018-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-19T18:57:01", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2018-3826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elasticsearch", "version": {"version_data": [{"version_value": "6.0.0-beta1 to 6.2.4"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://www.elastic.co/community/security", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security"}, {"name": "https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777", "refsource": "CONFIRM", "url": "https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.440Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/community/security"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2018-3826", "datePublished": "2018-09-19T19:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T04:57:24.440Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C43932-90D7-4155-9F61-2430E18DDE34", "versionEndIncluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:6.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "80722BC9-FE00-4D7E-9E81-F0A1CEFE0F9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API."}, {"lang": "es", "value": "En Elasticsearch desde la versi\u00f3n 6.0.0-beta1 hasta la 6.2.4, se ha detectado una vulnerabilidad de divulgaci\u00f3n en la API _snapshot. Cuando los par\u00e1metros access_key y security_key est\u00e1n configurados usando la API _snapshot, se pueden exponen como texto plano por los usuarios que sean capaz de lanzar una consulta a la API _snapshot."}], "id": "CVE-2018-3826", "lastModified": "2019-10-09T23:40:40.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-19T19:29:00.627", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-6-3-0-and-5-6-10-security-update/135777"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "bressers@elastic.co", "type": "Secondary"}]}