GHSA-vfp4-xx6m-7vf6

Source
https://github.com/advisories/GHSA-vfp4-xx6m-7vf6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-vfp4-xx6m-7vf6/GHSA-vfp4-xx6m-7vf6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vfp4-xx6m-7vf6
Aliases
  • CVE-2020-7010
Published
2022-02-15T01:57:18Z
Modified
2024-02-12T15:33:39Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Cryptographic Issues in ECK
Details

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more easily brute-force the Elasticsearch credentials generated by ECK.

Database specific
{
    "nvd_published_at": "2020-06-03T18:15:22Z",
    "cwe_ids": [
        "CWE-335"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-13T20:25:19Z"
}
Affected packages

Go / github.com/elastic/cloud-on-k8s

Package

Name
github.com/elastic/cloud-on-k8s
Purl
pkg:golang/github.com/elastic/cloud-on-k8s

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.0