Search criteria

6 vulnerabilities found for Fleet Server by Elastic

CERTFR-2026-AVI-0826

Vulnerability from certfr_avis - Published: 2026-07-02 - Updated: 2026-07-02

De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Elastic Kibana Kibana versions 8.17.x antérieures à 8.17.2
Elastic Kibana Kibana versions 8.19.x antérieures à 8.19.17
Elastic Fleet Server Fleet Server versions 8.x antérieures à 8.19.15
Elastic Elastic Defend Elastic Defend versions 9.3.x antérieures à 9.3.2
Elastic Kibana Kibana versions 8.18.x antérieures à 8.18.9
Elastic Elasticsearch Elasticsearch versions 9.4.x antérieures à 9.4.3
Elastic Kibana Kibana versions 8.x antérieures à 8.16.3
Elastic Elastic Defend Elastic Defend versions 9.x antérieures à 9.2.7
Elastic Elasticsearch Elasticsearch versions 8.x antérieures à 8.19.17
Elastic Elasticsearch Elasticsearch versions 9.x antérieures à 9.3.5
Elastic Elasticsearch Elasticsearch versions 7.x antérieures à 7.17.24
Elastic Elastic Defend Elastic Defend versions postérieures à 8.6.x antérieures à 8.19.13
Elastic Kibana Kibana versions 7.x antérieures à 7.17.15
Elastic Kibana Kibana versions 9.x antérieures à 9.0.8, 9.1.6, 9.3.6 ou 9.4.3
Elastic Fleet Server Fleet Server versions 9.x antérieures à 9.3.4
References
Bulletin de sécurité Elastic 387445 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387446 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387443 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387438 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387440 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387444 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387449 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387439 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387442 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387447 2026-07-01 vendor-advisory
Bulletin de sécurité Elastic 387441 2026-07-01 vendor-advisory

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kibana versions 8.17.x ant\u00e9rieures \u00e0 8.17.2",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 8.19.x ant\u00e9rieures \u00e0 8.19.17",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Fleet Server versions 8.x ant\u00e9rieures \u00e0 8.19.15",
      "product": {
        "name": "Fleet Server",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Defend versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Elastic Defend",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 8.18.x ant\u00e9rieures \u00e0 8.18.9",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elasticsearch versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.16.3",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Defend versions 9.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "Elastic Defend",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elasticsearch versions 8.x ant\u00e9rieures \u00e0 8.19.17",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elasticsearch versions 9.x ant\u00e9rieures \u00e0 9.3.5",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elasticsearch versions 7.x ant\u00e9rieures \u00e0 7.17.24",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Defend versions post\u00e9rieures \u00e0 8.6.x ant\u00e9rieures \u00e0 8.19.13",
      "product": {
        "name": "Elastic Defend",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 7.x ant\u00e9rieures \u00e0 7.17.15",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 9.x ant\u00e9rieures \u00e0 9.0.8, 9.1.6, 9.3.6 ou 9.4.3",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Fleet Server versions 9.x ant\u00e9rieures \u00e0 9.3.4",
      "product": {
        "name": "Fleet Server",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-49091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49091"
    },
    {
      "name": "CVE-2026-56150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-56150"
    },
    {
      "name": "CVE-2026-56151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-56151"
    },
    {
      "name": "CVE-2026-49090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49090"
    },
    {
      "name": "CVE-2026-32283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
    },
    {
      "name": "CVE-2026-56149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-56149"
    },
    {
      "name": "CVE-2026-56152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-56152"
    },
    {
      "name": "CVE-2026-56148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-56148"
    },
    {
      "name": "CVE-2026-49089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49089"
    },
    {
      "name": "CVE-2026-49088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49088"
    },
    {
      "name": "CVE-2026-49087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-49087"
    }
  ],
  "initial_release_date": "2026-07-02T00:00:00",
  "last_revision_date": "2026-07-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0826",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
  "vendor_advisories": [
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387445",
      "url": "https://discuss.elastic.co/t/kibana-8-18-9-8-19-6-9-0-8-9-1-6-security-update-esa-2026-50/387445"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387446",
      "url": "https://discuss.elastic.co/t/kibana-8-16-3-8-17-2-security-update-esa-2026-51/387446"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387443",
      "url": "https://discuss.elastic.co/t/elastic-defend-8-19-13-9-2-7-9-3-2-security-update-esa-2026-46/387443"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387438",
      "url": "https://discuss.elastic.co/t/fleet-server-8-19-15-9-3-4-9-4-0-security-update-esa-2026-41/387438"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387440",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-43/387440"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387444",
      "url": "https://discuss.elastic.co/t/kibana-8-19-15-9-3-4-security-update-esa-2026-49/387444"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387449",
      "url": "https://discuss.elastic.co/t/kibana-7-17-15-8-11-1-security-update-esa-2026-53/387449"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387439",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-42/387439"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387442",
      "url": "https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45/387442"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387447",
      "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-8-15-0-security-update-esa-2026-52/387447"
    },
    {
      "published_at": "2026-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic 387441",
      "url": "https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44/387441"
    }
  ]
}

CERTFR-2025-AVI-0062

Vulnerability from certfr_avis - Published: 2025-01-23 - Updated: 2025-01-23

De multiples vulnérabilités ont été découvertes dans les produits Elastic. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Elastic Kibana Kibana versions 7.x antérieures à 7.17.23
Elastic Kibana Kibana versions 8.x antérieures à 8.15.0
Elastic Fleet Server Fleet Server versions antérieures à 8.15.0
References

Show details on source website

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kibana versions 7.x ant\u00e9rieures \u00e0 7.17.23",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.15.0",
      "product": {
        "name": "Kibana",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Fleet Server versions ant\u00e9rieures \u00e0 8.15.0",
      "product": {
        "name": "Fleet Server",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43708"
    },
    {
      "name": "CVE-2024-43707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43707"
    },
    {
      "name": "CVE-2024-43710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43710"
    },
    {
      "name": "CVE-2024-52975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52975"
    },
    {
      "name": "CVE-2024-52972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52972"
    }
  ],
  "initial_release_date": "2025-01-23T00:00:00",
  "last_revision_date": "2025-01-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0062",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
  "vendor_advisories": [
    {
      "published_at": "2025-01-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-31",
      "url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"
    },
    {
      "published_at": "2025-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-33",
      "url": "https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548"
    },
    {
      "published_at": "2025-01-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-29 et ESA-2024-30",
      "url": "https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521"
    }
  ]
}

CVE-2026-56150 (GCVE-0-2026-56150)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:26 – Updated: 2026-07-01 17:25
VLAI?
Title
Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service
Summary
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
Elastic Fleet Server Affected: 9.0.0 , ≤ 9.2.4 (semver)
Affected: 8.0.0 , ≤ 8.19.10 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:16:33.748948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:09.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fleet Server",
          "vendor": "Elastic",
          "versions": [
            {
              "lessThanOrEqual": "9.2.4",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.19.10",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:26:31.198Z",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "url": "https://discuss.elastic.co/t/fleet-server-8-19-11-9-2-5-9-3-0-security-update-esa-2026-44"
        }
      ],
      "source": {
        "discovery": "Elastic"
      },
      "title": "Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service",
      "x_generator": {
        "engine": "Elastic CVE Publisher 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2026-56150",
    "datePublished": "2026-07-01T16:26:31.198Z",
    "dateReserved": "2026-06-19T11:01:02.535Z",
    "dateUpdated": "2026-07-01T17:25:09.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52975 (GCVE-0-2024-52975)

Vulnerability from cvelistv5 – Published: 2025-01-23 07:19 – Updated: 2025-01-23 14:45
VLAI?
Title
Fleet Server sensitive information exposure via logs
Summary
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
Elastic Fleet Server Affected: 8.13.0 , < 8.15.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T14:45:36.603244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T14:45:48.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fleet Server",
          "vendor": "Elastic",
          "versions": [
            {
              "lessThan": "8.15.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-01-23T06:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.\u003cbr\u003e"
            }
          ],
          "value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-23T07:19:39.170Z",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Fleet Server sensitive information exposure via logs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2024-52975",
    "datePublished": "2025-01-23T07:19:39.170Z",
    "dateReserved": "2024-11-18T14:48:22.150Z",
    "dateUpdated": "2025-01-23T14:45:48.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31421 (GCVE-0-2023-31421)

Vulnerability from cvelistv5 – Published: 2023-10-26 03:10 – Updated: 2024-08-02 14:53
VLAI?
Title
Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue
Summary
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elastic.co/community/security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Beats",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0, 8.9.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Elastic Agent",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0, 8.9.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "APM Server",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0, 8.9.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Fleet Server",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0, 8.9.2"
            }
          ]
        }
      ],
      "datePublic": "2023-09-19T15:32:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIt was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.\u003c/span\u003e"
            }
          ],
          "value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate\u0027s IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-26T03:10:52.684Z",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"
        },
        {
          "url": "https://www.elastic.co/community/security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2023-31421",
    "datePublished": "2023-10-26T03:10:52.684Z",
    "dateReserved": "2023-04-27T18:54:56.705Z",
    "dateUpdated": "2024-08-02T14:53:30.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46667 (GCVE-0-2023-46667)

Vulnerability from cvelistv5 – Published: 2023-10-26 00:59 – Updated: 2024-09-09 15:53
VLAI?
Title
Fleet Server Insertion of Sensitive Information into Log File
Summary
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
Impacted products
Vendor Product Version
Elastic Fleet Server Affected: 8.10.0 , < 8.10.3 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elastic.co/community/security"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:elastic:fleet_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fleet_server",
            "vendor": "elastic",
            "versions": [
              {
                "lessThan": "8.10.3",
                "status": "affected",
                "version": "8.10.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46667",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T15:47:02.345938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T15:53:29.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fleet Server",
          "vendor": "Elastic",
          "versions": [
            {
              "lessThan": "8.10.3",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T12:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An issue was discovered in Fleet Server \u0026gt;= v8.10.0 and \u0026lt; v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
            }
          ],
          "value": "An issue was discovered in Fleet Server \u003e= v8.10.0 and \u003c v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-26T00:59:36.713Z",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
        },
        {
          "url": "https://www.elastic.co/community/security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Fleet Server Insertion of Sensitive Information into Log File",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2023-46667",
    "datePublished": "2023-10-26T00:59:36.713Z",
    "dateReserved": "2023-10-24T17:28:32.185Z",
    "dateUpdated": "2024-09-09T15:53:29.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}