Lucene search
+L

83 matches found

OSV
OSV
added 2025/05/01 12:59 p.m.5 views

CVE-2023-46669 Elastic Agent / Elastic Endpoint Security local API key disclosure

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...

6.2CVSS6.4AI score0.00153EPSS
Exploits0References3
Elastic
Elastic
added 2025/05/01 10:6 a.m.11 views

Elastic Agent / Elastic Endpoint Security Security Update (ESA-2025-03)

Elastic Agent / Elastic Endpoint Security local API key disclosure ESA-2025-03 Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was...

7.1CVSS6.2AI score0.00153EPSS
Exploits0
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

Elastic Agent和Elastic Security Endpoint 安全漏洞

Elastic Agent and Elastic Security Endpoint are both products of the Dutch company Elastic.Elastic Agent is a single agent. Logs, metrics, traces, availability, security and other data can be collected from each host.Elastic Security Endpoint is an Endpoint Detection and Response EDR solution bui...

7.1CVSS5.9AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

Elastic Agent 安全漏洞

Elastic Agent is a single agent from the Dutch company Elastic. Logs, metrics, traces, availability, security and other data can be collected from each host. A security vulnerability exists in Elastic Agent that stems from an uncontrolled introduction of functionality from untrusted control areas...

7.8CVSS6.8AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.8 views

PT-2025-18388 · Elastic · Endpoint Security +1

Name of the Vulnerable Software and Affected Versions: Elastic Agent and Elastic Security Endpoint affected versions not specified Description: Exposure of sensitive information to local unauthorized actors can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Th...

6.2CVSS5.9AI score0.00153EPSS
Exploits0References4
Chainguard
Chainguard
added 2025/03/18 10:12 p.m.47 views

CVE-2025-29786 vulnerabilities

Vulnerabilities for packages: opentelemetry-collector-contrib, splunk-otel-collector, tempo, coredns-fips, elastic-agent-fips, k8sgpt, opentelemetry-collector, kubeflow-pipelines, argo-cd, coredns, tempo-fips, argo-workflows-fips, opentelemetry-collector-fips, argo-rollouts, grafana-alloy-fips,...

7.5CVSS7.1AI score0.00577EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/18 10:12 p.m.17 views

GHSA-93MQ-9FFX-83M2 vulnerabilities

Vulnerabilities for packages: opentelemetry-collector-contrib, splunk-otel-collector, tempo, coredns-fips, elastic-agent-fips, k8sgpt, opentelemetry-collector, kubeflow-pipelines, argo-cd, coredns, tempo-fips, argo-workflows-fips, opentelemetry-collector-fips, argo-rollouts, grafana-alloy-fips,...

5.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/01/30 12:0 a.m.6 views

The vulnerability of the server software for managing Elastic Agent agents, known as Elastic Fleet Server, stems from deficiencies in access control. This allows a malicious individual to disclose sensitive information that is protected by this system.

The vulnerability of the server software for managing Elastic Agent agents in Elastic Fleet Server is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

9CVSS5.4AI score0.00269EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/27 7:12 a.m.8 views

BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.3AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2025/01/27 7:10 a.m.4 views

BIT-ELK-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.3AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 2025/01/23 6:15 a.m.15 views

CVE-2024-43707

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 2025/01/23 6:8 a.m.91 views

CVE-2024-43707

CVE-2024-43707 describes a Kibana issue where a user who lacks Fleet access can view Elastic Agent policies, potentially exposing sensitive information depending on enabled integrations and Elastic Agent versions. The impact is confidentiality-focused, with the CVSS and sector summaries indicatin...

7.7CVSS6.5AI score0.0041EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/23 6:8 a.m.8 views

CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.4AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/23 6:8 a.m.21 views

CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS0.0041EPSS
Exploits0References1
OSV
OSV
added 2025/01/23 6:8 a.m.3 views

CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.1AI score0.0041EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/23 12:0 a.m.5 views

Elastic Fleet Server 信息泄露漏洞

Elastic Fleet Server is a component of Elastic Netherlands that connects Elastic Agent to Fleet. A security vulnerability exists in Elastic Fleet Server that stems from queuing policies being logged at the INFO and ERROR log levels, resulting in the exposure of logs that may contain sensitive...

9CVSS6.6AI score0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/23 12:0 a.m.7 views

Elastic Kibana 信息泄露漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that originates from a user who does not have access to Fleet viewing Elastic Agent policies that may contain sensitive information...

7.7CVSS6.4AI score0.0041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.8 views

PT-2024-10387 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elastic Kibana versions 8.0.0 through 8.15.0 Description: An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information...

7.7CVSS6.6AI score0.0041EPSS
Exploits0References22
NVD
NVD
added 2024/08/12 1:38 p.m.11 views

CVE-2024-37283

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...

6.5CVSS0.00563EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/08 11:34 p.m.19 views

CVE-2024-37283 Elastic Agent Insertion of Sensitive Information into Log File

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...

6.5CVSS7AI score0.00563EPSS
Exploits0References1
Rows per page
Query Builder