CVE-2023-46669
published 2025-05-01CVE-2023-46669: Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and…
PriorityP432high7.1CVSS 3.1
AVLACLPRLUINSUCHIHAN
EPSS
0.15%
4.8th percentile
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elastic_agent | < 8.15.0 | 8.15.0 |
| elastic | elastic_agent_and_elastic_defend | >= 8.0.0 < 8.15.0 | 8.15.0 |
| elastic | endpoint_security | < 8.15.0 | 8.15.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-01
Published