PT-2023-30151 · Elastic · Fleet Server

Published: 2023-10-25 · Updated: 2023-11-03 · CVE-2023-46667

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2

Description: An issue was discovered where Agent enrolment tokens are inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy and potentially use that to retrieve other secrets in the policy, including those for Elasticsearch and third-party services. Alternatively, a threat actor could potentially enrol agents into the clusters and send arbitrary events to Elasticsearch.

Recommendations: For Fleet Server versions 8.10.0 through 8.10.2, consider disabling the logging of Agent enrolment tokens until a patch is available. Restrict access to the Fleet Server’s log file to minimize the risk of exploitation. Avoid using the affected versions until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
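A log-redaction check for the issue described above, added here as an example and not taken from Fleet Server’s own code: it scans ECS-style JSON log lines (constructed for this example; the field names, the `ApiKey <base64>` pattern and the token values are assumptions) for enrolment tokens carried either in a dedicated field or inline in a message, reports where each one was found so that the exposed tokens can be rotated, and returns a redacted copy that is safe to retain.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed ECS-style JSON log lines standing in for a Fleet Server log; the
// field names and the base64 token values are assumptions for this example.
const sampleLog = `{"@timestamp":"2023-10-20T10:00:00Z","log.level":"info","message":"enroll request","enrollment_token":"ZXhhbXBsZS1pZDpleGFtcGxlLWtleS12YWx1ZQ=="}
{"@timestamp":"2023-10-20T10:00:01Z","log.level":"info","message":"checkin ok","agent_id":"agent-1"}
{"@timestamp":"2023-10-20T10:00:02Z","log.level":"debug","message":"hdr Authorization: ApiKey ZXhhbXBsZS1pZDpleGFtcGxlLWtleS12YWx1ZQ=="}`
// Secret-bearing field names (assumed list) and a pattern for a credential embedded in free text.
var secretFields = map[string]bool{"enrollment_token": true, "api_key": true, "authorization": true}
var inlineToken = regexp.MustCompile(`(?i)(apikey\s+)[A-Za-z0-9+/=]{16,}`)

// Finding records which JSON field on which (1-based) line carried a secret.
type Finding struct{ Line int; Field string }
// ScanLogs replaces secrets with "[REDACTED]" and reports where they were, so tokens can be rotated.
func ScanLogs(input string) (string, []Finding) {
	var out []string
	var findings []Finding
	for i, line := range strings.Split(input, "\n") {
		var rec map[string]interface{}
		if err := json.Unmarshal([]byte(line), &rec); err != nil {
			out = append(out, line) // not JSON: pass through unchanged
			continue
		}
		for k, v := range rec {
			s, ok := v.(string)
			if ok && secretFields[strings.ToLower(k)] {
				rec[k] = "[REDACTED]" // the whole value is a credential
				findings = append(findings, Finding{i + 1, k})
			} else if ok && inlineToken.MatchString(s) {
				rec[k] = inlineToken.ReplaceAllString(s, "${1}[REDACTED]")
				findings = append(findings, Finding{i + 1, k})
			}
		}
		b, _ := json.Marshal(rec)
		out = append(out, string(b))
	}
	return strings.Join(out, "\n"), findings
}

func main() {
	redacted, findings := ScanLogs(sampleLog)
	fmt.Printf("%s\n%d secret(s) found: %+v\n", redacted, len(findings), findings)
}
```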

Weakness Enumeration: Insertion into Log File

Related Identifiers: CVE-2023-46667

Affected Products: Fleet Server