Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-46671
HistoryDec 13, 2023 - 7:15 a.m.

Code injection

2023-12-1307:15:00
PRIOn knowledge base
www.prio-n.com
4
code injection
elastic
kibana 8.11.1
security vulnerability
error logging
kibana system user
api keys
cluster errors

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).

CPENameOperatorVersion
kibanage8.0.0
kibanalt8.11.1

Related

nvd 1
cvelist 1
nessus 1
openvas 1
cve 1
redhatcve 1
veracode 1
nvd
nvd
CVE-2023-46671
2023-12-13 07:15:22
cvelist
cvelist
CVE-2023-46671 Kibana Insertion of Sensitive Information into Log File
2023-12-13 06:57:59
nessus
nessus
Elastic Kibana 8.x < 8.11.1 Information Disclosure (ESA-2023-25)
2023-11-29 00:00:00
openvas
openvas
Elastic Kibana 8.0.x < 8.11.1 Information Disclosure Vulnerability (ESA-2023-25)
2023-11-16 00:00:00
cve
cve
CVE-2023-46671
2023-12-13 07:15:22
redhatcve
redhatcve
CVE-2023-46671
2023-11-24 04:21:38
veracode
veracode
Sensitive Information Leak
2023-11-30 12:45:45

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON
Related for PRION:CVE-2023-46671
nvd1cvelist1nessus1openvas1cve1redhatcve1veracode1