CVE-2023-31417Log File Information Exposure in Elasticsearch

CWE-532Log File Information Exposure6 documents5 sources
Severity
4.4MEDIUMNVD
CNA4.1
EPSS
0.1%
top 83.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Elasticsearch
Timeline
PublishedOct 26

Description

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bod

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/elasticsearch7.0.07.17.12+1
NVDelastic/elasticsearch7.0.07.17.12+1

🔴Vulnerability Details

4
OSV
CVE-2023-31417: Elasticsearch generally filters out sensitive information and credentials before logging to the audit log2023-10-26
OSV
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs2023-10-26
GHSA
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs2023-10-26
CVEList
Elasticsearch Insertion of sensitive information in audit logs2023-10-26

📋Vendor Advisories

1
Red Hat
elasticsearch: Sensitive information in audit logs2023-09-06
CVE-2023-31417 — Log File Information Exposure | cvebase