Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcDQteHg2bS03dmY2
Cryptographic Issues in ECK
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
Permalink: https://github.com/advisories/GHSA-vfp4-xx6m-7vf6JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcDQteHg2bS03dmY2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 2 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-vfp4-xx6m-7vf6, CVE-2020-7010
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7010
- https://www.elastic.co/community/security/
- https://github.com/advisories/GHSA-vfp4-xx6m-7vf6
Affected Packages
go:github.com/elastic/cloud-on-k8s
Dependent packages: 18Dependent repositories: 26
Downloads:
Affected Version Ranges: < 1.1.0
Fixed in: 1.1.0
All affected versions:
All unaffected versions: