Security Advisory

CVE-2018-3829

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-09-19 19:00:00

Last updated 2024-08-05 04:57:23

Assigner elastic

State PUBLISHED

Description

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.

← Browse all CVEs View on cve.org ↗