Elastic Fleet Server
By the Year
In 2023 there have been 1 vulnerability in Elastic Fleet Server with an average score of 8.1 out of ten. Fleet Server did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
It may take a day or so for new Fleet Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Elastic Fleet Server Security Vulnerabilities
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Servers log file in plain text
8.1 - High
- October 26, 2023
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Servers log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
Insertion of Sensitive Information into Log File