CVE-2023-49922
December 12, 2023
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.
Affected Packages
github.com/elastic/beats (GO):
Affected version(s) >=v8.0.0 <v8.11.3Fix Suggestion:
Update to version v8.11.3github.com/elastic/beats/v7 (GO):
Affected version(s) >=v7.0.0 <v7.17.16Fix Suggestion:
Update to version v7.17.16github.com/elastic/beats (GO):
Affected version(s) >=v7.0.0 <v7.17.16Fix Suggestion:
Update to version v7.17.16Related Resources (4)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.2
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Insertion of Sensitive Information into Log File
EPSS
Base Score:
0.44
