Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. When queried, the Elasticsearch _cluster/settings API could return sensitive configuration information such as passwords, tokens, or usernames in its response. This could allow an authenticated Elasticsearch user to view secrets that should not be visible to them.
[
{
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/cfe3d9f611a328cfffc18b445b3aecb016349514",
"target": {
"function": "renderResponse",
"file": "core/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterGetSettingsAction.java"
},
"signature_type": "Function",
"digest": {
"length": 627.0,
"function_hash": "245112205843880558279750546596623543392"
},
"id": "CVE-2018-3831-7bfde369",
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/cfe3d9f611a328cfffc18b445b3aecb016349514",
"target": {
"function": "buildResponse",
"file": "core/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterGetSettingsAction.java"
},
"signature_type": "Function",
"digest": {
"length": 178.0,
"function_hash": "75304332167645952264038636458838984850"
},
"id": "CVE-2018-3831-ad9844ea",
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/cfe3d9f611a328cfffc18b445b3aecb016349514",
"target": {
"file": "core/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterGetSettingsAction.java"
},
"signature_type": "Line",
"digest": {
"line_hashes": [
"6050237913006087601073254437585209538",
"60107012639700574181679274837344128155",
"191985491623229440854892413422071989202",
"257781946815554066480098114691559078424",
"162021931871336335277611178417699507228",
"23533146067636190421457415933876078590",
"166486716429780431734718460423427091230",
"215378831698413253306184269978881240233",
"231673356455399862132121384358453987044",
"244385425659389697684007892909835193709",
"321105069801722557791981137812402290563",
"336015527414474895599322750453760734251",
"60217913526744787811157881069907679513",
"178507123970851705023752893050436715665",
"6108261966285638391720942036084092028",
"294624781573481223266925533903653991191",
"10065298344469674431239282135786861255",
"223202977539096721608570789349325717939",
"149140557998146579917920204755253441503",
"143779210919278777433923788158833267046",
"278196845290163914227463647169457571730",
"206087138854520942778615863726687763384"
],
"threshold": 0.9
},
"id": "CVE-2018-3831-ca6da352",
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://github.com/elastic/elasticsearch/commit/cfe3d9f611a328cfffc18b445b3aecb016349514",
"target": {
"function": "prepareRequest",
"file": "core/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestClusterGetSettingsAction.java"
},
"signature_type": "Function",
"digest": {
"length": 676.0,
"function_hash": "53902283460885638904433042963012187388"
},
"id": "CVE-2018-3831-dc55ede5",
"deprecated": false
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3831.json"