The vulnerability of the server software for managing Elastic Agent agents, known as Elastic Fleet Server, stems from deficiencies in access control. This allows a malicious individual to disclose sensitive information that is protected by this system.

The vulnerability of the server software for managing Elastic Agent agents in Elastic Fleet Server is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

Elastic Fleet Server 信息泄露漏洞

Elastic Fleet Server is a component of Elastic Netherlands that connects Elastic Agent to Fleet. A security vulnerability exists in Elastic Fleet Server that stems from queuing policies being logged at the INFO and ERROR log levels, resulting in the exposure of logs that may contain sensitive...

Vulnerabilities include agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, server software for managing agents in Elastic Fleet Server. Issues also involve errors in the TLS certificate validation process, allowing attackers to establish connections with invalid server certificates.

The vulnerability affects agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, and server software for managing agents in...