CVE-2023-46667

Published: Oct 26, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.

Affected (1)

Products: Elastic: Fleet Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elastic Fleet Server	From 8.10.0 to 8.10.3

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737

Source: security@elastic.co

Release Notes

https://www.elastic.co/community/security

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.