Search criteria
8 vulnerabilities found for Fleet Server by Elastic
CVE-2024-52975 (GCVE-0-2024-52975)
Vulnerability from cvelistv5 – Published: 2025-01-23 07:19 – Updated: 2025-01-23 14:45
VLAI?
Summary
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
Severity ?
9 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Fleet Server |
Affected:
8.13.0 , < 8.15.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T14:45:36.603244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T14:45:48.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.15.0",
"status": "affected",
"version": "8.13.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-01-23T06:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.\u003cbr\u003e"
}
],
"value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T07:19:39.170Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fleet Server sensitive information exposure via logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2024-52975",
"datePublished": "2025-01-23T07:19:39.170Z",
"dateReserved": "2024-11-18T14:48:22.150Z",
"dateUpdated": "2025-01-23T14:45:48.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31421 (GCVE-0-2023-31421)
Vulnerability from cvelistv5 – Published: 2023-10-26 03:10 – Updated: 2024-08-02 14:53
VLAI?
Summary
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Elastic | Beats |
Affected:
8.0.0, 8.9.2
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Beats",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elastic Agent",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "APM Server",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
}
],
"datePublic": "2023-09-19T15:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIt was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.\u003c/span\u003e"
}
],
"value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T03:10:52.684Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
},
{
"url": "https://www.elastic.co/community/security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-31421",
"datePublished": "2023-10-26T03:10:52.684Z",
"dateReserved": "2023-04-27T18:54:56.705Z",
"dateUpdated": "2024-08-02T14:53:30.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46667 (GCVE-0-2023-46667)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:59 – Updated: 2024-09-09 15:53
VLAI?
Summary
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
Severity ?
8.1 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Fleet Server |
Affected:
8.10.0 , < 8.10.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fleet_server",
"vendor": "elastic",
"versions": [
{
"lessThan": "8.10.3",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:47:02.345938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T15:53:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.10.3",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-10T12:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue was discovered in Fleet Server \u0026gt;= v8.10.0 and \u0026lt; v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
}
],
"value": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T00:59:36.713Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"url": "https://www.elastic.co/community/security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fleet Server Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-46667",
"datePublished": "2023-10-26T00:59:36.713Z",
"dateReserved": "2023-10-24T17:28:32.185Z",
"dateUpdated": "2024-09-09T15:53:29.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52975 (GCVE-0-2024-52975)
Vulnerability from nvd – Published: 2025-01-23 07:19 – Updated: 2025-01-23 14:45
VLAI?
Summary
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
Severity ?
9 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Fleet Server |
Affected:
8.13.0 , < 8.15.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T14:45:36.603244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T14:45:48.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.15.0",
"status": "affected",
"version": "8.13.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-01-23T06:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.\u003cbr\u003e"
}
],
"value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T07:19:39.170Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fleet Server sensitive information exposure via logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2024-52975",
"datePublished": "2025-01-23T07:19:39.170Z",
"dateReserved": "2024-11-18T14:48:22.150Z",
"dateUpdated": "2025-01-23T14:45:48.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31421 (GCVE-0-2023-31421)
Vulnerability from nvd – Published: 2023-10-26 03:10 – Updated: 2024-08-02 14:53
VLAI?
Summary
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Elastic | Beats |
Affected:
8.0.0, 8.9.2
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Beats",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elastic Agent",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "APM Server",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "8.0.0, 8.9.2"
}
]
}
],
"datePublic": "2023-09-19T15:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIt was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.\u003c/span\u003e"
}
],
"value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T03:10:52.684Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
},
{
"url": "https://www.elastic.co/community/security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-31421",
"datePublished": "2023-10-26T03:10:52.684Z",
"dateReserved": "2023-04-27T18:54:56.705Z",
"dateUpdated": "2024-08-02T14:53:30.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46667 (GCVE-0-2023-46667)
Vulnerability from nvd – Published: 2023-10-26 00:59 – Updated: 2024-09-09 15:53
VLAI?
Summary
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
Severity ?
8.1 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Fleet Server |
Affected:
8.10.0 , < 8.10.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fleet_server",
"vendor": "elastic",
"versions": [
{
"lessThan": "8.10.3",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:47:02.345938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T15:53:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fleet Server",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.10.3",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-10T12:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue was discovered in Fleet Server \u0026gt;= v8.10.0 and \u0026lt; v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
}
],
"value": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T00:59:36.713Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
},
{
"url": "https://www.elastic.co/community/security"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fleet Server Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2023-46667",
"datePublished": "2023-10-26T00:59:36.713Z",
"dateReserved": "2023-10-24T17:28:32.185Z",
"dateUpdated": "2024-09-09T15:53:29.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-0062
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Kibana versions 7.x ant\u00e9rieures \u00e0 7.17.23",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.15.0",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Fleet Server versions ant\u00e9rieures \u00e0 8.15.0",
"product": {
"name": "Fleet Server",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43708"
},
{
"name": "CVE-2024-43707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43707"
},
{
"name": "CVE-2024-43710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43710"
},
{
"name": "CVE-2024-52975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52975"
},
{
"name": "CVE-2024-52972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52972"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0062",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-31",
"url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"
},
{
"published_at": "2025-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-33",
"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548"
},
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-29 et ESA-2024-30",
"url": "https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521"
}
]
}