Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for fleet_server by elastic

    CVE-2023-46667 (GCVE-0-2023-46667)

    Vulnerability from nvd – Published: 2023-10-26 00:59 – Updated: 2024-09-09 15:53
    VLAI
    Title
    Fleet Server Insertion of Sensitive Information into Log File
    Summary
    An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Fleet Server Affected: 8.10.0 , < 8.10.3 (semver)
    Create a notification for this product.
    elastic fleet_server Affected: 8.10.0 , < 8.10.3 (semver)
        cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-10 12:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:21.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fleet_server",
                "vendor": "elastic",
                "versions": [
                  {
                    "lessThan": "8.10.3",
                    "status": "affected",
                    "version": "8.10.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T15:47:02.345938Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T15:53:29.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Fleet Server",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "8.10.3",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T12:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Fleet Server \u0026gt;= v8.10.0 and \u0026lt; v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
                }
              ],
              "value": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T00:59:36.713Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
            },
            {
              "url": "https://www.elastic.co/community/security"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Fleet Server Insertion of Sensitive Information into Log File",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2023-46667",
        "datePublished": "2023-10-26T00:59:36.713Z",
        "dateReserved": "2023-10-24T17:28:32.185Z",
        "dateUpdated": "2024-09-09T15:53:29.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46667 (GCVE-0-2023-46667)

    Vulnerability from cvelistv5 – Published: 2023-10-26 00:59 – Updated: 2024-09-09 15:53
    VLAI
    Title
    Fleet Server Insertion of Sensitive Information into Log File
    Summary
    An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Fleet Server Affected: 8.10.0 , < 8.10.3 (semver)
    Create a notification for this product.
    elastic fleet_server Affected: 8.10.0 , < 8.10.3 (semver)
        cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-10 12:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:21.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fleet_server",
                "vendor": "elastic",
                "versions": [
                  {
                    "lessThan": "8.10.3",
                    "status": "affected",
                    "version": "8.10.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T15:47:02.345938Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T15:53:29.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Fleet Server",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "8.10.3",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T12:46:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Fleet Server \u0026gt;= v8.10.0 and \u0026lt; v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
                }
              ],
              "value": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T00:59:36.713Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
            },
            {
              "url": "https://www.elastic.co/community/security"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Fleet Server Insertion of Sensitive Information into Log File",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2023-46667",
        "datePublished": "2023-10-26T00:59:36.713Z",
        "dateReserved": "2023-10-24T17:28:32.185Z",
        "dateUpdated": "2024-09-09T15:53:29.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }