An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy, including those for Elasticsearch and third-party services. Alternatively, a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737 | Release Notes |
https://www.elastic.co/community/security | Vendor Advisory |
Configurations
History
03 Nov 2023, 15:38
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 8.1 |
CPE | | cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:* |
References | | (MISC) https://www.elastic.co/community/security - Vendor Advisory |
References | | (MISC) https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737 - Release Notes |
CWE | | CWE-532 |
First Time | | Elastic; Elastic fleet Server |
26 Oct 2023, 11:44
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2023-10-26 01:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-46667
Mitre link : CVE-2023-46667
CVE.ORG link : CVE-2023-46667
Products Affected
elastic
- fleet_server
CWE
CWE-532
Insertion of Sensitive Information into Log File