PT-2023-23309 · Elastic · Apm Server+1

Ismisepaul · Published 2023-10-26 · Updated 2024-07-25 · CVE-2023-31416

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

ECK versions prior to 2.8
APM Server versions 8.0 and later

Description

The secret token configuration is not applied when using ECK with a version less than 2.8 alongside an APM Server version 8.0 or greater. This could lead to anonymous requests being accepted by the APM Server and the data being ingested into the APM deployment.

Recommendations

For ECK versions prior to 2.8, update to version 2.8 or later to ensure the secret token configuration is applied correctly. For APM Server versions 8.0 and later, consider restricting access to the APM Server until the ECK version is updated to 2.8 or later.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2023-31416

Affected products

Apm Server
Eck