An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy, including those for Elasticsearch and third-party services. Alternatively, a threat actor could potentially enrol agents into the clusters and send arbitrary events to Elasticsearch.
References
| Link | Resource |
|---|---|
| https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737 | Release Notes |
| https://www.elastic.co/community/security | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:29
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2023-10-26 01:15
Updated : 2024-11-21 08:29
NVD link : CVE-2023-46667
Mitre link : CVE-2023-46667
CVE.ORG link : CVE-2023-46667
Products Affected
elastic
- fleet_server
CWE
CWE-532
Insertion of Sensitive Information into Log File