CVE-2023-49921

Name of the Vulnerable Software and Affected Versions Elasticsearch versions prior to 7.17.16 Elasticsearch versions prior to 8.11.2

Description An issue was discovered whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. The issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.

Recommendations For versions prior to 7.17.16, update to version 7.17.16 or later to resolve the issue. For versions prior to 8.11.2, update to version 8.11.2 or later to resolve the issue. As a temporary workaround, consider setting the search input’s logger to a level higher than DEBUG to minimize the risk of excessive logging.