CVE-2018-3829 is a vulnerability in Elastic Cloud Enterprise
Published on September 19, 2018
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4, it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2018-3829 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2018-3829
Affected Versions
Elastic Cloud Enterprise versions before 1.1.4 are affected by CVE-2018-3829.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.