Elastic: >> Elasticsearch >> 7.17.22 Security Vulnerabilities
It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-07-31