Inclusion of sensitive information in log files in Enterprise Search

#VU84393 Inclusion of sensitive information in log files in Enterprise Search

Cybersecurity Help s.r.o.

Published: 2023-12-13

Vulnerability identifier: #VU84393

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49923

CWE-ID: CWE-532

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Enterprise Search
Server applications / Database software

Vendor: Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. A remote user can view the log files and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Enterprise Search: 7.7.0 - 7.17.15, 8.0.0 - 8.11.1

External links
http://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181
http://www.elastic.co/community/security#ESA-2023-31

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Inclusion of sensitive information in log files in Elastic Enterprise Search