cvedb.io
CVE-2018-3825
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2018-09-19T19:29:00.500 · Last modified 2026-06-17T01:57:51.230

Summary

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

Affected products

elastic — elastic_cloud_enterprise

Does this affect you?

Add your gear to cvedb and we'll alert you only when elastic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.