CVE-2023-49922

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 19, 2023

CWE ID 532

Summary

CVE-2023-49922 is a vulnerability affecting Elastic's Beats and Elastic Agent. When these applications fail to ingest events into Elasticsearch with certain 4xx HTTP status codes, they log the raw event data at the WARN or ERROR level. Sensitive or private information contained in the event could be exposed in the logs. Elastic has addressed this issue by releasing updates 8.11.3 and 7.17.16, which limit such logs to the DEBUG level, although this level is disabled by default. Users are advised to configure their applications to only log at the necessary level to minimize potential exposure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Elastic Beats

Affected Vendors

Elastic

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-49922 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database