Vulnerability-Lookup

CVE-2023-6687 (GCVE-0-2023-6687)

Vulnerability from cvelistv5 – Published: 2023-12-12 18:28 – Updated: 2024-08-02 08:35

Title

Elastic Agent Insertion of Sensitive Information into Log File

Summary

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Assigner

elastic

References

URL

	Vendor	Product	Version
	Elastic	Elastic Agent	Affected: 7.0.0, 8.0.0 , < 7.17.16, 8.11.3 (semver)

GHSA-XQC7-Q7JR-CG3W

Vulnerability from github – Published: 2023-12-12 21:31 – Updated: 2023-12-12 21:31

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-6687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-12T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.",
  "id": "GHSA-xqc7-q7jr-cg3w",
  "modified": "2023-12-12T21:31:13Z",
  "published": "2023-12-12T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6687"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-6687

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-6687

Aliases

CVE-2023-6687

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-6687",
    "id": "GSD-2023-6687"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-6687"
      ],
      "details": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.",
      "id": "GSD-2023-6687",
      "modified": "2023-12-13T01:20:32.587906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@elastic.co",
        "ID": "CVE-2023-6687",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Elastic Agent",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.0.0, 8.0.0",
                          "version_value": "7.17.16, 8.11.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Elastic"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-532",
                "lang": "eng",
                "value": "CWE-532 Insertion of Sensitive Information into Log File"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180",
            "refsource": "MISC",
            "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5F396842-37AD-4E18-9477-47001EF69314",
                    "versionEndExcluding": "7.17.16",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D1345D08-E070-43B9-83F1-68F32FA619EF",
                    "versionEndExcluding": "8.11.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
          },
          {
            "lang": "es",
            "value": "Elastic descubri\u00f3 un problema por el cual Elastic Agent registraba un evento sin formato en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del evento, el Agente El\u00e1stico intent\u00f3 ingerir, esto podr\u00eda llevar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del Agente El\u00e1stico. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada."
          }
        ],
        "id": "CVE-2023-6687",
        "lastModified": "2023-12-19T15:20:04.910",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 4.0,
              "source": "bressers@elastic.co",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-12T19:15:08.510",
        "references": [
          {
            "source": "bressers@elastic.co",
            "tags": [
              "Mitigation",
              "Vendor Advisory"
            ],
            "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
          }
        ],
        "sourceIdentifier": "bressers@elastic.co",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-532"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-532"
              }
            ],
            "source": "bressers@elastic.co",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-6687

Vulnerability from fkie_nvd - Published: 2023-12-12 19:15 - Updated: 2024-11-21 08:44

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@elastic.co	https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	elastic	elastic_agent	*
	elastic	elastic_agent	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F396842-37AD-4E18-9477-47001EF69314",
              "versionEndExcluding": "7.17.16",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1345D08-E070-43B9-83F1-68F32FA619EF",
              "versionEndExcluding": "8.11.3",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default."
    },
    {
      "lang": "es",
      "value": "Elastic descubri\u00f3 un problema por el cual Elastic Agent registraba un evento sin formato en sus propios registros en el nivel WARN o ERROR si fallaba la ingesta de ese evento en Elasticsearch con cualquier c\u00f3digo de estado HTTP 4xx excepto 409 o 429. Dependiendo de la naturaleza del evento, el Agente El\u00e1stico intent\u00f3 ingerir, esto podr\u00eda llevar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del Agente El\u00e1stico. Elastic lanz\u00f3 8.11.3 y 7.17.16 que evitan este problema al limitar estos tipos de registros al registro de nivel DEBUG, que est\u00e1 deshabilitado de forma predeterminada."
    }
  ],
  "id": "CVE-2023-6687",
  "lastModified": "2024-11-21T08:44:20.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security@elastic.co",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-12T19:15:08.510",
  "references": [
    {
      "source": "security@elastic.co",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2023-AVI-1017

Vulnerability from certfr_avis - Published: 2023-12-13 - Updated: 2023-12-13

De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Elastic	Elasticsearch	ElasticSearch versions 8.x.x antérieures à 8.11.2
Elastic	Elasticsearch	Elastic Agent versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Beats versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Enterprise Search versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Elastic Agent versions 8.x.x antérieures à 8.11.3
Elastic	Elasticsearch	Beats versions 8.x.x antérieures à 8.11.3
Elastic	Elasticsearch	ElasticSearch versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Kibana versions 8.x.x antérieures à 8.11.2
Elastic	Elasticsearch	Kibana versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Enterprise Search versions 8.x.x antérieures à 8.11.2

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-6687 (GCVE-0-2023-6687)

GHSA-XQC7-Q7JR-CG3W

GSD-2023-6687

FKIE_CVE-2023-6687

CERTFR-2023-AVI-1017

Solution

Tags

Sightings

Nomenclature