Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious ac

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges cou

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could for

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC feat

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and El

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts wi

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certa

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKe