PT-2023-6647 · Elastic · Kibana

Published

2023-09-18

·

Updated

2023-11-03

·

CVE-2023-31422

CVSS v3.1

9.0

Critical

Vector

AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kibana version 8.10.0
Description

The issue affects Kibana when logging uses the JSON layout, or when the pattern layout is configured with the %meta conversion, allowing sensitive information to be written to the logs whenever an error is recorded. The logged error object carries the request it relates to, which can include sensitive data such as authentication credentials, cookies, authorization headers, query parameters, request paths, and other request metadata. Examples of sensitive data that can end up in the logs are account credentials for the kibana_system or kibana-metricbeat users, or for Kibana end-users.
Recommendations

For Kibana version 8.10.0, update to Kibana 8.10.1, which resolves the issue. As a temporary workaround, restrict access to the Kibana log files to minimize the risk of exploitation, and avoid the JSON layout and the %meta conversion in the pattern layout until the upgrade is done. Logs written by an affected instance may already contain the values listed above; treat any credentials found in them as exposed.
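The following is an added example, not code from the advisory or from Elastic. It covers both the description (what a JSON-layout error record can carry) and the recommendations (which layouts to avoid). `layout_is_risky()` classifies a logging appender layout using the same keys as the `logging.appenders.<name>.layout` block in kibana.yml (`type: json`, or `type: pattern` with a `pattern` string that contains `%meta`); `scan_log_line()` walks an existing JSON log line and reports request metadata that should never have been written. The `error.meta.request` field names in the constructed sample lines are an assumption about how a client error might be serialized, as are the regular expressions; adjust them to what your 8.10.0 logs actually contain.

```python
"""Added example for CVE-2023-31422 (not part of the advisory).

1. layout_is_risky(): flags a Kibana appender layout that records error
   metadata: a `json` layout, or a `pattern` layout whose pattern includes
   the %meta conversion (the two cases the advisory names).
2. scan_log_line(): hunts a JSON-layout log line for request metadata that
   should not be in a log: authorization headers, cookies, credential-shaped
   values and credentials passed as query parameters.
"""
import json
import re
from typing import Any, Dict, Iterator, List, Tuple

# Layouts mirroring the kibana.yml `logging.appenders.<name>.layout` keys.
RISKY_JSON_LAYOUT = {"type": "json"}
RISKY_PATTERN_LAYOUT = {"type": "pattern",
                        "pattern": "[%date][%level][%logger] %message %meta"}
SAFE_PATTERN_LAYOUT = {"type": "pattern",
                       "pattern": "[%date][%level][%logger] %message"}

# Header/cookie keys and value shapes worth flagging (assumed, extend as needed).
SENSITIVE_KEYS = {"authorization", "cookie", "set-cookie", "x-elastic-api-key"}
SENSITIVE_VALUE = re.compile(r"(?i)\b(basic|bearer|apikey)\s+[A-Za-z0-9+/=_\-.]{8,}")
CRED_PARAM = re.compile(r"(?i)(password|passwd|api_key|token)=([^&\s]+)")


def layout_is_risky(layout: Dict[str, Any]) -> bool:
    """True if this layout would write the logged error's request metadata."""
    kind = str(layout.get("type", "")).lower()
    if kind == "json":
        return True
    if kind == "pattern":
        return "%meta" in str(layout.get("pattern", ""))
    return False


def _walk(node: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted path, leaf value) for every leaf in a parsed JSON record."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    else:
        yield path, node


def scan_log_line(line: str) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for one log line; non-JSON lines yield []."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return []
    findings: List[Tuple[str, str]] = []
    for path, value in _walk(record):
        key = path.rsplit(".", 1)[-1].lower()
        text = value if isinstance(value, str) else json.dumps(value)
        if key in SENSITIVE_KEYS:
            findings.append((path, "sensitive header/cookie recorded"))
        elif SENSITIVE_VALUE.search(text):
            findings.append((path, "credential-shaped value"))
        elif CRED_PARAM.search(text):
            findings.append((path, "credential in query string"))
    return findings


# Constructed sample lines; the error.meta.request shape is an assumption.
SAMPLE_LINES = [
    json.dumps({
        "@timestamp": "2023-09-18T10:00:00.000Z",
        "log": {"level": "ERROR", "logger": "elasticsearch.query"},
        "message": "ResponseError: security_exception",
        "error": {"type": "ResponseError", "meta": {"request": {
            "method": "GET", "path": "/_security/_authenticate",
            "querystring": "pretty=true",
            "headers": {
                "authorization": "Basic a2liYW5hX3N5c3RlbTpzM2NyM3Q=",
                "cookie": "sid=Fe26.2**deadbeef",
                "x-elastic-product-origin": "kibana"}}}},
    }),
    json.dumps({"@timestamp": "2023-09-18T10:00:01.000Z",
                "log": {"level": "INFO"}, "message": "Kibana is now available"}),
    "[2023-09-18T10:00:02.000+00:00][INFO ][plugins-service] Plugin initialized",
    json.dumps({"message": "request failed", "error": {"meta": {"request": {
        "path": "/api/login", "querystring": "user=bob&password=hunter2"}}}}),
]


def audit(lines: List[str]) -> Dict[int, List[Tuple[str, str]]]:
    """Map line index -> findings for every line that leaked something."""
    return {i: f for i, line in enumerate(lines) if (f := scan_log_line(line))}


if __name__ == "__main__":
    for name, layout in [("json", RISKY_JSON_LAYOUT), ("pattern+meta", RISKY_PATTERN_LAYOUT),
                         ("pattern", SAFE_PATTERN_LAYOUT)]:
        print(f"{name:13s} risky={layout_is_risky(layout)}")
    for index, findings in audit(SAMPLE_LINES).items():
        for path, reason in findings:
            print(f"line {index}: {path}: {reason}")
```

Run it against `kibana.log` one line at a time with `scan_log_line()`; every finding names a value that has to be rotated (the `kibana_system` password, an API key, a user session), not just redacted. The layout check is deliberately conservative: a pattern layout without `%meta` still logs `%message`, so error messages that embed request details would not be caught by it.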

Fix

Kibana 8.10.1

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2023-07417
CVE-2023-31422

Affected Products

Kibana