CVE-2023-46667Log File Information Exposure in Fleet Server

CWE-532Log File Information Exposure3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 55.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Fleet Server
Timeline
PublishedOct 26

Description

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5elastic/fleet_server8.10.08.10.3
NVDelastic/fleet_server8.10.08.10.3

🔴Vulnerability Details

2
GHSA
GHSA-wv9p-64pj-gq2g: An issue was discovered in Fleet Server >= v82023-10-26
CVEList
Fleet Server Insertion of Sensitive Information into Log File2023-10-26
CVE-2023-46667 — Log File Information Exposure | cvebase