PT-2023-6653 · Elastic · Endpoint+2
Published: 2023-10-17 · Updated: 2023-11-06
CVE-2023-46668
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Elastic Endpoint versions 7.9.0 through 8.10.3
Description
The issue is related to insufficient protection of registration data in Elastic Endpoint, which can allow a remote attacker to disclose protected information. When Elastic Endpoint is configured to use a non-default option with the logging level explicitly set to debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.
Recommendations
For Elastic Endpoint versions 7.9.0 through 8.10.3, consider disabling the debug logging level to prevent API keys from being exposed in plaintext. Restrict access to the Elastic Agent API keys and Elasticsearch logs to minimize the risk of exploitation. Avoid using the non-default option that sets the logging level to debug until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
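A log-scanning check for the exposure described above, as an added example that is not part of the original advisory or Elastic's code: it finds credentials in the `ApiKey <base64(id:api_key)>` form Elasticsearch uses for API-key authentication, lists the key ids and redacts the secrets. The log lines are constructed, the assumption is that a leaked key appears in that encoded form, and `scan`, `decode_key_id` and `make_sample_token` are names chosen here.

```python
import base64
import binascii
import re

# Elasticsearch API-key auth uses "Authorization: ApiKey <base64(id:api_key)>".
# Assumption: a leaked key appears in the log message in that encoded form.
APIKEY_RE = re.compile(r"ApiKey\s+([A-Za-z0-9+/_-]{20,}={0,2})")

def decode_key_id(token):
    """Return the key id if token decodes to 'id:secret', else None."""
    std = token.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    key_id, sep, secret = text.partition(":")
    return key_id if sep and key_id and secret and text.isprintable() else None

def scan(lines):
    """Return (sorted key ids to invalidate, lines with the secrets redacted)."""
    found = set()

    def redact(match):
        key_id = decode_key_id(match.group(1))
        if key_id is None:  # not a credential: leave the text alone
            return match.group(0)
        found.add(key_id)
        return f"ApiKey [REDACTED id={key_id}]"

    redacted = [APIKEY_RE.sub(redact, line) for line in lines]
    return sorted(found), redacted

def make_sample_token(key_id, secret):
    """Build a constructed credential so no real key appears in this example."""
    return base64.b64encode(f"{key_id}:{secret}".encode()).decode()

# Constructed log lines, not real Elastic Endpoint output.
SAMPLE_LOGS = [
    "DEBUG constructed: Authorization: ApiKey "
    + make_sample_token("CONSTRUCTED-ID-0001", "constructed-secret-0001"),
    "INFO constructed: policy applied",
    "DEBUG constructed: ApiKey AAAAAAAAAAAAAAAAAAAAAAAA",  # decodes, but no id:secret
]

if __name__ == "__main__":
    ids, cleaned = scan(SAMPLE_LOGS)
    print("key ids to invalidate:", ids)
    print("\n".join(cleaned))
```

The key ids returned by `scan` are the values Elasticsearch's invalidate API key endpoint (`DELETE /_security/api_key` with an `ids` list) accepts, so any key found in collected logs can be revoked and reissued.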
Weakness Enumeration
Insertion into Log File
Related Identifiers
Affected Products
Agent
Endpoint
Elasticsearch