#VU93635 Inclusion of Sensitive Information in Log Files in Elastic Endpoint - CVE-2023-46668

Cybersecurity Help s.r.o.

Published: 2024-07-02

Vulnerability identifier: #VU93635

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-46668

CWE-ID: CWE-532

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Elastic Endpoint
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files if Elastic Endpoint is configured to use a non-default option in which the logging level is explicitly set to debug. A remote user can obtain Elastic Agent API keys in plain text.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Elastic Endpoint: 7.9.0 - 8.10.3

External links
https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Inclusion of sensitive information into log files in Elastic Endpoint