CVE-2023-49922
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-49922 is a vulnerability affecting Elastic's Beats and Elastic Agent. When these applications fail to ingest events into Elasticsearch and receive certain 4xx HTTP status codes, they log the raw event data at the WARN or ERROR level. Sensitive or private information contained in the event could therefore be exposed in the logs. Elastic addressed this issue in versions 8.11.3 and 7.17.16, which log the raw event data only at the DEBUG level; that level is disabled by default. Users are advised to configure their applications to log only at the necessary level to minimize potential exposure.
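An added example, not part of the original entry and not Elastic's code: a Python check for retained logs that flags WARN/ERROR lines embedding event data after a 4xx indexing failure, and redacts the payload. The `Cannot index event <payload> (status=4xx)` message shape, the matching of any 4xx code, and all sample lines are assumptions constructed for illustration.

```python
import json
import re

# Assumed message shape (not given on the page): "Cannot index event <payload> (status=4xx)".
# Any 4xx code is matched because the page does not list the specific codes.
LEAK_RE = re.compile(r"(Cannot index event\s+)(?!\(status=)(.+?)(\s*\(status=(4\d\d)\))")
RISKY_LEVELS = {"WARN", "WARNING", "ERROR"}

def parse_line(line):
    """Return (level, message) for a JSON log line or a whitespace-delimited text line."""
    line = line.strip()
    if line.startswith("{"):
        try:
            rec = json.loads(line)
            return str(rec.get("log.level", "")).upper(), str(rec.get("message", ""))
        except json.JSONDecodeError:
            pass  # fall through and treat the line as plain text
    parts = line.split(None, 2)  # timestamp, level, rest of the line
    return (parts[1].upper(), parts[2]) if len(parts) == 3 else ("", line)

def find_exposures(lines):
    """List (line_no, level, status, payload_chars) for WARN/ERROR lines that embed event data."""
    hits = []
    for no, line in enumerate(lines, 1):
        level, msg = parse_line(line)
        m = LEAK_RE.search(msg)
        if level in RISKY_LEVELS and m:
            hits.append((no, level, int(m.group(4)), len(m.group(2))))
    return hits

def redact(line):
    """Replace the embedded event payload in a raw log line, keeping the status for triage."""
    return LEAK_RE.sub(r"\1[REDACTED]\3", line)

# Constructed sample lines (not real Beats output); all field values are placeholders.
SAMPLE = [
    '2023-12-01T10:00:00Z WARN [elasticsearch] Cannot index event {"user":"alice","token":"EXAMPLE-SECRET"} (status=400): mapping error',
    '{"log.level":"error","message":"Cannot index event {\\"card\\":\\"0000-EXAMPLE\\"} (status=413): too large"}',
    '{"log.level":"warn","message":"Cannot index event (status=400): dropping event"}',
    '2023-12-01T10:00:02Z DEBUG [elasticsearch] Cannot index event {"user":"bob"} (status=400): mapping error',
    '2023-12-01T10:00:03Z INFO [publisher] Connection established',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE):
        print(hit)
    print(redact(SAMPLE[0]))
```

Lines that report the failure without a payload, and payload-bearing lines at DEBUG, are not flagged, which matches the post-fix behaviour the summary describes.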
Affected Products
- Elastic Beats
Affected Vendors
- Elastic