Elastic Endpoint Debug-Logging Exposes Agent API Keys (v7.9.0 - v8.10.3)
CVE-2023-46668 Published on October 26, 2023

Elastic Endpoint Insertion of Sensitive Information into Log File
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.

NVD

Vulnerability Analysis

CVE-2023-46668 is exploitable with network access, and requires user interaction and a small amount of user privileges. The vulnerability is considered to have a low attack complexity. A successful exploit is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.


Products Associated with CVE-2023-46668


Affected Versions

Elastic Endpoint versions 7.9.0 and 8.10.3 are affected by CVE-2023-46668.

Exploit Probability

EPSS: 0.40%
Percentile: 60.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.