Lucene search

ElasticCVELIST:CVE-2023-46668

HistoryOct 25, 2023 - 11:59 p.m.

CVE-2023-46668 Elastic Endpoint Insertion of Sensitive Information into Log File

2023-10-2523:59:13

CWE-532

elastic

www.cve.org

cve-2023-46668

sensitive information insertion

logging configuration

elastic endpoint

api keys

elasticsearch

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Endpoint",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "7.9.0, 8.10.3"
      }
    ]
  }
]

References

discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203

www.elastic.co/community/security