CVE-2023-46675

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Dec 13, 2023
Updated: Dec 18, 2023
CWE ID 532

Summary

CVE-2023-46675 is a vulnerability discovered by Elastic that affects Kibana, with a total of 125 hits. The issue allows sensitive information to be recorded in Kibana logs when an error occurs or when debug level logging is enabled. The affected versions can include account credentials for the kibana_system user, API keys, and credentials of Kibana end-users. Additionally, it may expose Elastic Security package policy objects containing private keys, bearer tokens, and sessions of third-party integrations, as well as authorization headers, client secrets, local file paths, and stack traces. The vulnerability can occur in any Kibana instance running an affected version that experiences unexpected errors when communicating with Elasticsearch or under specific circumstances with debug level logging enabled. Elastic has released Kibana 8.11.2 to address this issue. The danger posed to organizations includes the potential exposure of sensitive information and credentials which could be exploited by malicious actors.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46675 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options