Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Endpoint Insertion of Sensitive Information into Log File
Vulnerability Description
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic Endpoint Security 日志信息泄露漏洞
Vulnerability Description
Elastic Endpoint Security是Elastic公司的一套终端安全解决方案。 Elastic Endpoint Security v7.9.0版本至v8.10.3版本存在日志信息泄露漏洞,该漏洞源于API密钥允许以纯文本形式查看。
CVSS Information
N/A
Vulnerability Type
N/A