Elastic Cloud Enterprise Sensitive information disclosure issue (ESA-2022-11)
A flaw was discovered in ECE before 3.1.1 that could cause the SAML signing private key, which is used for the RBAC features, to be disclosed in deployment logs in the Logging and Monitoring cluster.
Affected Versions:
Elastic Cloud Enterprise versions before 3.1.1 are affected by this flaw.
Solutions and Mitigations:
Users should upgrade to Elastic Cloud Enterprise 3.1.1 or later. Note that by default, only users with a Platform admin role have access to the Logging and Monitoring cluster.
CVSSv3.1: 8.7 (High) - AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE ID: CVE-2022-23716
CWE-532: Insertion of Sensitive Information into Log File
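
The following is an added example, not taken from Elastic's advisory or code: a scanner that checks exported log entries for PEM-encoded private key blocks, the kind of exposure CWE-532 describes, and reports only a SHA-256 fingerprint so the key itself is never echoed. It assumes the key appears in PEM form and that entries are available as strings; the function names, sample entries and key bytes are all constructed for illustration.

```python
import base64
import hashlib
import re

# PEM private-key block; the END label must match the BEGIN label.
PEM_RE = re.compile(
    r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----"
    r"(.+?)-----END \1-----",
    re.DOTALL,
)

def find_private_keys(entry):
    """Return (label, sha256-of-decoded-body or None) per PEM block in one log entry."""
    # JSON log lines carry newlines as the two characters '\' 'n'; undo that first.
    text = entry.replace("\\r", "").replace("\\n", "\n")
    findings = []
    for m in PEM_RE.finditer(text):
        body = re.sub(r"\s+", "", m.group(2))
        try:
            digest = hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()
        except ValueError:  # e.g. legacy encrypted PEM with header lines in the body
            digest = None
        findings.append((m.group(1), digest))
    return findings

def scan(entries):
    """Return (entry_number, label, digest) for every hit; never echoes key material."""
    return [(n, label, digest)
            for n, entry in enumerate(entries, 1)
            for label, digest in find_private_keys(entry)]

# Constructed sample data: the "key" is a short fixed byte string, not a real key.
FAKE_DER = b"constructed sample bytes, not a real key"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_FP = hashlib.sha256(FAKE_DER).hexdigest()
SAMPLE_ENTRIES = [
    '{"level":"INFO","message":"SAML realm configuration loaded"}',
    '{"level":"DEBUG","message":"key=-----BEGIN PRIVATE KEY-----\\n'
    + FAKE_B64 + '\\n-----END PRIVATE KEY-----"}',
    "plain text entry\n-----BEGIN RSA PRIVATE KEY-----\n"
    + FAKE_B64[:28] + "\n" + FAKE_B64[28:] + "\n-----END RSA PRIVATE KEY-----",
    '{"message":"-----BEGIN PRIVATE KEY-----\\nnot*base64\\n-----END PRIVATE KEY-----"}',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_ENTRIES):
        print(hit)
```

A fingerprint that matches the digest of the DER bytes of the configured signing key confirms that specific key was logged; a `None` digest still marks an entry that needs manual review.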