CVE-2023-46671

2023-11-2404:21:38

redhat.com

access.redhat.com

cve-2023-46671

kibana

log files

sensitive information

account credentials

api keys

end-users

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON

A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibana_system 64 user, API Keys, and credentials of Kibana end-users.