Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Defend Insertion of Sensitive Information into Log Files
Vulnerability Description
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic Defend 日志信息泄露漏洞
Vulnerability Description
Elastic Defend是荷兰Elastic公司的一款应用程序。提供预防、检测和响应功能,以及对 EPP、EDR、SIEM 和安全分析的深度可见性。 Elastic Defend 8.17.3之前版本存在日志信息泄露漏洞,该漏洞源于环境变量限制不当,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A