SB2023121332 - Inclusion of sensitive information in log files in Elastic Beats

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-49922)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. Beats and Elastic Agent would log a raw event in its own logs at the `WARN` or `ERROR` level if ingesting that event to Elasticsearch failed with any `4xx HTTP` status code except `409` or `429`. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. A local user can read the log files and gain access to sensitive data.

2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-6687)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. Beats and Elastic Agent would log a raw event in its own logs at the `WARN` or `ERROR` level if ingesting that event to Elasticsearch failed with any `4xx HTTP` status code except `409` or `429`. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. A local user can read the log files and gain access to sensitive data.

Remediation

Install update from vendor's website.

References

• https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180
• https://www.elastic.co/community/security#ESA-2023-30