71 matches found
CVE-2024-52975
The CVE-2024-52975 issue affects Elastic Fleet Server. Concrete details indicate that policies stored in Fleet Server could contain sensitive information and are logged at INFO/ERROR levels, with exposure depending on enabled integrations. From the Elastic ESA-2024-31 advisory (and related source...
Elastic Fleet Server 信息泄露漏洞
Elastic Fleet Server is a component of Elastic Netherlands that connects Elastic Agent to Fleet. A security vulnerability exists in Elastic Fleet Server that stems from queuing policies being logged at the INFO and ERROR log levels, resulting in the exposure of logs that may contain sensitive...
Fleet Server 8.15.0 Security Update ( ESA-2024-31)
Fleet Server sensitive information exposure via logs ESA-2024-31 An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...
PT-2024-10386 · Unknown · Fleet Server
Name of the Vulnerable Software and Affected Versions: Fleet Server versions are not explicitly specified in the provided descriptions, but based on the available information, the issue is identified in Fleet Server. Description: An issue was identified in Fleet Server where Fleet policies that...
CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
PT-2024-5984 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious us...
BIT-ELASTICSEARCH-2021-37937 Elasticsearch privilege escalation
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
Vulnerabilities include agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, server software for managing agents in Elastic Fleet Server. Issues also involve errors in the TLS certificate validation process, allowing attackers to establish connections with invalid server certificates.
The vulnerability affects agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, and server software for managing agents in...
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
UBUNTU-CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
CVE-2021-37937
CVE-2021-37937 affects Elastic Stack components where API keys created under a Fleet-Server service account could be issued with higher privileges, allowing a compensated service account to escalate to a super-user. Affected: Elasticsearch/Fleet integration in Elastic Stack; Root cause: API key c...
CVE-2021-37937 Elasticsearch privilege escalation
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
PT-2023-12331 · Unknown · Fleet Server
Name of the Vulnerable Software and Affected Versions: Fleet-Server affected versions not specified Description: An issue was found with how API keys are created with the Fleet-Server service account, allowing a compromised Fleet-Server service account to potentially escalate themselves to a...
CVE-2023-31421
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...
CVE-2023-31421
CVE-2023-31421 affects Beats, Elastic Agent, APM Server, and Fleet Server when acting as TLS clients: if configured to connect to an IP address, the client does not validate the server certificate’s IP SAN against that IP, though certificate signature validation runs. This can allow a connection ...
CVE-2023-31421 Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...
CVE-2023-46667
An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...