Lucene search
K

67 matches found

Cvelist
Cvelist
added 2023/10/26 12:59 a.m.31 views

CVE-2023-46667 Fleet Server Insertion of Sensitive Information into Log File

An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...

8.1CVSS8.2AI score0.00473EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.4 views

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the fact that Beats, Elastic Agent, APM Server, Fleet Server, when used as a TLS client, does not verify that the server certificate is valid for the target IP address...

7.5CVSS6.8AI score0.0027EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.6 views

Elasticsearch Log Information Disclosure Vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from an issue found in some versions of Fleet Server where proxy registration tokens are inserted into Fleet Server log files in plain text...

8.1CVSS6.7AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.21 views

PT-2023-30151 · Elastic · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2 Description: An issue was discovered where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into...

8.1CVSS8AI score0.00473EPSS
Exploits0References6
Elastic
Elastic
added 2023/10/10 12:46 p.m.8 views

Fleet Server v8.10.3 Security Update

Fleet Server Insertion of Sensitive Information into Log File ESA-2023-20 An issue was discovered in Fleet Server = v8.10.0 and = v8.10.0 and v8.10.3 Solutions and Mitigations: If an affected version is being utilized then upgrade to Fleet Server v8.10.3 or above. If there are ephemeral container...

8.1CVSS6.3AI score0.00473EPSS
Exploits0
Elastic
Elastic
added 2023/09/19 3:32 p.m.8 views

Beats, Elastic Agent, APM Server, and Fleet Server 8.10.1 Security Update - Improper Certificate Validation issue (ESA-2023-16)

Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue ESA-2023-16 It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,...

7.5CVSS6.9AI score0.0027EPSS
Exploits0
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.5 views

Elasticsearch 安全漏洞

Elasticsearch is a search engine based on the Lucene library. Elasticsearch suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to bypass restrictions via Elasticsearch's Fleet-server service API key in order to escalate his privileges...

8.8CVSS7.9AI score0.00714EPSS
Exploits0References4
Rows per page
Query Builder