CVE-2023-46675

Summary

CVE-2023-46675 is a vulnerability discovered by Elastic that affects Kibana, with a total of 125 hits. The issue allows sensitive information to be recorded in Kibana logs when an error occurs or when debug level logging is enabled. The affected versions can include account credentials for the kibana_system user, API keys, and credentials of Kibana end-users. Additionally, it may expose Elastic Security package policy objects containing private keys, bearer tokens, and sessions of third-party integrations, as well as authorization headers, client secrets, local file paths, and stack traces. The vulnerability can occur in any Kibana instance running an affected version that experiences unexpected errors when communicating with Elasticsearch or under specific circumstances with debug level logging enabled. Elastic has released Kibana 8.11.2 to address this issue. The danger posed to organizations includes the potential exposure of sensitive information and credentials which could be exploited by malicious actors.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.