6.8

CVE-2023-49923

EPSS 0.49%
Veröffentlicht 12.12.2023 18:15:23
Zuletzt bearbeitet 21.11.2024 08:34:00
Quelle bressers@elastic.co
Teams Watchlist Login
Unerledigt Login

 An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elastic ≫ Enterprise Search Version >= 7.0.0 < 7.17.16

Elastic ≫ Enterprise Search Version >= 8.0.0 < 8.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
bressers@elastic.co	6.8	2.3	4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.elastic.co/community/security

Vendor Advisory

https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-49923

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49923

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49923

EUVD