CVE-2023-46675Log File Information Exposure in Kibana

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA8.0
EPSS
0.2%
top 62.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedDec 13

Description

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party i

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/kibana7.13.07.17.16+1
NVDelastic/kibana7.13.07.17.16+1

🔴Vulnerability Details

2
GHSA
GHSA-6g3x-hhx6-885v: An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug l2023-12-13
CVEList
Kibana Insertion of Sensitive Information into Log File2023-12-13
CVE-2023-46675 — Log File Information Exposure | cvebase