CVE-2020-7010
Cryptographic Issues in ECK
7.5
HIGH
CVSS 3.1
EPSS 0.35%
Description
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
How to fix CVE-2020-7010
To remediate CVE-2020-7010, upgrade the affected package to a fixed version below.
- Upgrade to 1.1.0 or later
Is CVE-2020-7010 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |