Home > Vulnerability Database > CVE-2023-6687

Mend.io Vulnerability Database

CVE-2023-6687

Good to know:

Date: December 12, 2023

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.

Language: Go

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6687

Url: https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180

Url: https://www.mend.io/vulnerability-database/CVE-2023-6687

Severity Score

6.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version v7.17.16,v8.11.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6687

Good to know:

Date: December 12, 2023

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?