83 matches found
CVE-2023-46669 Elastic Agent / Elastic Endpoint Security local API key disclosure
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...
Elastic Agent / Elastic Endpoint Security Security Update (ESA-2025-03)
Elastic Agent / Elastic Endpoint Security local API key disclosure ESA-2025-03 Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was...
Elastic Agent和Elastic Security Endpoint 安全漏洞
Elastic Agent and Elastic Security Endpoint are both products of the Dutch company Elastic.Elastic Agent is a single agent. Logs, metrics, traces, availability, security and other data can be collected from each host.Elastic Security Endpoint is an Endpoint Detection and Response EDR solution bui...
Elastic Agent 安全漏洞
Elastic Agent is a single agent from the Dutch company Elastic. Logs, metrics, traces, availability, security and other data can be collected from each host. A security vulnerability exists in Elastic Agent that stems from an uncontrolled introduction of functionality from untrusted control areas...
PT-2025-18388 · Elastic · Endpoint Security +1
Name of the Vulnerable Software and Affected Versions: Elastic Agent and Elastic Security Endpoint affected versions not specified Description: Exposure of sensitive information to local unauthorized actors can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Th...
CVE-2025-29786 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, splunk-otel-collector, tempo, coredns-fips, elastic-agent-fips, k8sgpt, opentelemetry-collector, kubeflow-pipelines, argo-cd, coredns, tempo-fips, argo-workflows-fips, opentelemetry-collector-fips, argo-rollouts, grafana-alloy-fips,...
GHSA-93MQ-9FFX-83M2 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, splunk-otel-collector, tempo, coredns-fips, elastic-agent-fips, k8sgpt, opentelemetry-collector, kubeflow-pipelines, argo-cd, coredns, tempo-fips, argo-workflows-fips, opentelemetry-collector-fips, argo-rollouts, grafana-alloy-fips,...
The vulnerability of the server software for managing Elastic Agent agents, known as Elastic Fleet Server, stems from deficiencies in access control. This allows a malicious individual to disclose sensitive information that is protected by this system.
The vulnerability of the server software for managing Elastic Agent agents in Elastic Fleet Server is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
BIT-ELK-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
CVE-2024-43707
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
CVE-2024-43707
CVE-2024-43707 describes a Kibana issue where a user who lacks Fleet access can view Elastic Agent policies, potentially exposing sensitive information depending on enabled integrations and Elastic Agent versions. The impact is confidentiality-focused, with the CVSS and sector summaries indicatin...
CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
Elastic Fleet Server 信息泄露漏洞
Elastic Fleet Server is a component of Elastic Netherlands that connects Elastic Agent to Fleet. A security vulnerability exists in Elastic Fleet Server that stems from queuing policies being logged at the INFO and ERROR log levels, resulting in the exposure of logs that may contain sensitive...
Elastic Kibana 信息泄露漏洞
Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that originates from a user who does not have access to Fleet viewing Elastic Agent policies that may contain sensitive information...
PT-2024-10387 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Elastic Kibana versions 8.0.0 through 8.15.0 Description: An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information...
CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
CVE-2024-37283 Elastic Agent Insertion of Sensitive Information into Log File
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...