CVE-2023-31422Log File Information Exposure in Kibana

CWE-532Log File Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
CNA9.0
EPSS
0.3%
top 50.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedOct 26

Description

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query p

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/kibana8.10.0
NVDelastic/kibana8.10.0

🔴Vulnerability Details

2
GHSA
GHSA-7rvg-gjgp-95j7: An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error2023-10-26
CVEList
Kibana Insertion of Sensitive Information into Log File2023-10-26

📋Vendor Advisories

1
Red Hat
kibana: Kibana Insertion of Sensitive Information into Log File2023-10-26
CVE-2023-31422 — Log File Information Exposure | cvebase