Elasticsearch Repository-Azure Plugin Vulnerability: Inadvertent Logging of Azure Credentials

Elasticsearch Repository-Azure Plugin Vulnerability: Inadvertent Logging of Azure Credentials

CVE-2018-3827 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

Learn more about our Azure Audit.