Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.elastic.co/community/security/ |
History
Mon, 18 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2020-06-03T17:55:42
Updated: 2024-11-18T17:29:12.007Z
Reserved: 2020-01-14T00:00:00
Link: CVE-2020-7010
Vulnrichment
Updated: 2024-08-04T09:18:02.494Z
NVD
Status : Analyzed
Published: 2020-06-03T18:15:22.697
Modified: 2024-02-10T03:00:00.207
Link: CVE-2020-7010
Redhat
No data.