Elastic Cloud Enterprise (Ece)
cpe:2.3:a:elastic:elastic_cloud_enterprise_(ece):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Elastic (1d0b8d2a-fd47-5b20-b005-34326f9bd037) |
|---|---|
| Product | Elastic Cloud Enterprise (Ece) (3be62ad4-9c5d-5d45-8f0c-1f88a2182274) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-37736 | vulnerable | 2026-06-03 15:00:54.154471 | Elastic Cloud Enterprise Improper Authorization. HIGH (8.8). Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts; delete:/platform/configuration/security/service-accounts/{user_id}; patch:/platform/configuration/security/service-accounts/{user_id}; post:/platform/configuration/security/service-accounts/{user_id}/keys; delete:/platform/configuration/security/service-accounts/{user_id}/keys/{api_key_id}; patch:/user; post:/users; post:/users/auth/keys; delete:/users/auth/keys; delete:/users/auth/keys/_all; delete:/users/auth/keys/{api_key_id}; delete:/users/{user_id}/auth/keys; delete:/users/{user_id}/auth/keys/{api_key_id}; delete:/users/{user_name}; patch:/users/{user_name}. Published: 2025-11-07T22:08:11.891Z. Updated: 2026-02-26T17:47:06.540Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-37729 | vulnerable | 2026-06-03 15:00:54.148508 | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine. CRITICAL (9.1). Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated. Published: 2025-10-13T13:47:08.907Z. Updated: 2026-02-26T17:47:45.796Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-3825 | vulnerable | 2026-06-03 14:38:50.481337 | Details available. In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known. Published: 2018-09-19T19:00:00.000Z. Updated: 2024-08-05T04:57:24.044Z | Imported from gcve-enriched-dumps CVE data |