CVE-2023-31413Sensitive Information Exposure in Filebeat

CWE-200Sensitive Information ExposureCWE-532Log File Information Exposure3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 76.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Filebeat
Timeline
PublishedMay 4

Description

Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDelastic/filebeat7.17.9+1
CVEListV5elastic/filebeatversions through 7.17.9 and 8.6.2

🔴Vulnerability Details

2
CVEList
CVE-2023-31413: Filebeat versions through 72023-05-04
GHSA
GHSA-j8h4-w7cf-hch5: Filebeat versions through 72023-05-04
CVE-2023-31413 — Sensitive Information Exposure | cvebase