An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcDQteHg2bS03dmY2

Severity: High
EPSS: 0.00352% (0.56606 Percentile)

Cryptographic Issues in ECK

Affected package: go:github.com/elastic/cloud-on-k8s
PURL: pkg:go/github.com%2Felastic%2Fcloud-on-k8s
Affected versions: < 1.1.0
Fixed versions: 1.1.0
20 Dependent packages
26 Dependent repositories

Affected Version Ranges

All affected versions

v0.0.0-20220105094828-721cccfd905f, v0.0.0-20220627132447-8df5d6ccb7d9

All unaffected versions

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more easily brute-force the Elasticsearch credentials generated by ECK.
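The weakness class described above, shown beside a hardened form. This is an added example, not ECK's code: the advisory does not show the generator, so the sketch assumes a `math/rand` source seeded from a timestamp, and `weakPassword`, `strongPassword`, the alphabet and the seed value are hypothetical.

```go
package main

import (
	crand "crypto/rand"
	"fmt"
	"math/big"
	mrand "math/rand"
)

// Assumed password alphabet (hypothetical, not taken from ECK).
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakPassword models the flawed pattern: every character comes from a
// deterministic PRNG, so the password carries no more entropy than the seed.
// If the seed is a deployment timestamp, knowing the deployment time narrows
// the candidates to a small window regardless of the password length.
func weakPassword(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongPassword draws each index from the operating system CSPRNG.
// crypto/rand.Int samples uniformly in [0, limit), so there is no modulo bias
// and no seed that could be recovered or guessed.
func strongPassword(n int) (string, error) {
	limit := big.NewInt(int64(len(alphabet)))
	b := make([]byte, n)
	for i := range b {
		idx, err := crand.Int(crand.Reader, limit)
		if err != nil {
			return "", err // fail closed: never fall back to a weak source
		}
		b[i] = alphabet[idx.Int64()]
	}
	return string(b), nil
}

func main() {
	const seed = int64(1577836800) // constructed sample timestamp
	fmt.Println("weak, same seed repeats:", weakPassword(seed, 24) == weakPassword(seed, 24))
	p, err := strongPassword(24)
	fmt.Println("strong:", p, err)
}
```

When auditing Go code for this pattern, look for `math/rand` imports in packages that produce credentials, tokens or keys.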
