CVE-2023-46668

If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203	Release Notes
https://www.elastic.co/community/security	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:endpoint:*:*:*:*:*:*:*:*

History

06 Nov 2023, 16:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elastic:endpoint::::::::
First Time		Elastic endpoint Elastic
References	~~(MISC) https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203 -~~	(MISC) https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203 - Release Notes
References	~~(MISC) https://www.elastic.co/community/security -~~	(MISC) https://www.elastic.co/community/security - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CWE		CWE-532

26 Oct 2023, 11:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-26 00:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-46668

Mitre link : CVE-2023-46668

CVE.ORG link : CVE-2023-46668

JSON object : View

Products Affected

elastic

endpoint

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2023-46668", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2023-10-26T00:15:12.150", "references": [{"url": "https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203", "tags": ["Release Notes"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Mitigation", "Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts."}, {"lang": "es", "value": "Si Elastic Endpoint (v7.9.0 - v8.10.3) est\u00e1 configurado para usar una opci\u00f3n no predeterminada en la que el nivel de log est\u00e1 configurado expl\u00edcitamente en debug, y cuando Elastic Agent est\u00e1 configurado simult\u00e1neamente para recopilar y enviar esos registros a Elasticsearch, entonces las claves de API del Agente Elastic se pueden ver en Elasticsearch en texto plano. Estas claves API podr\u00edan usarse para escribir datos arbitrarios y leer artefactos de usuario de Elastic Endpoint."}], "lastModified": "2023-11-06T16:37:50.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:endpoint:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542BBFE6-D7B0-4956-BDFB-F83E3B188F93", "versionEndIncluding": "8.10.3", "versionStartIncluding": "7.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}