{"vulnerability": "CVE-2022-2371", "sightings": [{"uuid": "765fe0ab-5755-48e5-8b24-b2dcd07eda4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23712", "type": "seen", "source": "https://t.me/cibsecurity/43881", "content": "\u203c CVE-2022-23712 \u203c\n\nA Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-06T22:30:22.000000Z"}, {"uuid": "96f86edf-31ce-4da4-ad00-42606d9748b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23716", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23716\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.\n\ud83d\udccf Published: 2022-09-28T19:34:00.000Z\n\ud83d\udccf Modified: 2025-05-21T14:23:08.842Z\n\ud83d\udd17 References:\n1. https://www.elastic.co/community/security/\n2. https://discuss.elastic.co/t/elastic-cloud-enterprise-3-1-1-security-update/315317", "creation_timestamp": "2025-05-21T14:50:52.000000Z"}, {"uuid": "af575b6e-cf0e-4a1a-a4ea-6397383d6322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23716", "type": "seen", "source": "https://t.me/cibsecurity/50631", "content": "\u203c CVE-2022-23716 \u203c\n\nA flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T00:34:36.000000Z"}, {"uuid": "399c1b4f-958a-4a4e-9ec0-ef207c088fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23711", "type": "seen", "source": "https://t.me/cibsecurity/41251", "content": "\u203c CVE-2022-23711 \u203c\n\nA vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-21T22:27:08.000000Z"}, {"uuid": "59e24f73-74a5-43a9-9562-c54260b1b0dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23710", "type": "seen", "source": "https://t.me/cibsecurity/38389", "content": "\u203c CVE-2022-23710 \u203c\n\nA cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim\u00e2\u20ac\u2122s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T00:26:25.000000Z"}]}