67 matches found
CVE-2023-46667 Fleet Server Insertion of Sensitive Information into Log File
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...
Elasticsearch Security Vulnerabilities
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the fact that Beats, Elastic Agent, APM Server, and Fleet Server, when used as TLS clients, do not verify that the server certificate is valid for the target IP address...
Elasticsearch Log Information Disclosure Vulnerability
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from an issue found in some versions of Fleet Server where proxy registration tokens are inserted into Fleet Server log files in plain text...
PT-2023-30151 · Elastic · Fleet Server
Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2 Description: An issue was discovered where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into...
Fleet Server v8.10.3 Security Update
Fleet Server Insertion of Sensitive Information into Log File ESA-2023-20 An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 ... Solutions and Mitigations: If an affected version is being utilized then upgrade to Fleet Server v8.10.3 or above. If there are ephemeral container...
Beats, Elastic Agent, APM Server, and Fleet Server 8.10.1 Security Update - Improper Certificate Validation issue (ESA-2023-16)
Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue ESA-2023-16 It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,...
Elasticsearch Security Vulnerability
Elasticsearch is a search engine based on the Lucene library. Elasticsearch suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to bypass restrictions via Elasticsearch's Fleet-server service API key in order to escalate his privileges...