CVE-2023-6687Log File Information Exposure in Agent

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
CNA6.8
EPSS
0.4%
top 39.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Agent
Timeline
PublishedDec 12

Description

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG le

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5elastic/elastic_agent7.0.0, 8.0.07.17.16, 8.11.3
NVDelastic/elastic_agent7.0.07.17.16+1

🔴Vulnerability Details

2
CVEList
Elastic Agent Insertion of Sensitive Information into Log File2023-12-12
GHSA
GHSA-xqc7-q7jr-cg3w: An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to E2023-12-12
CVE-2023-6687 — Log File Information Exposure | cvebase