CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46669 – Elastic Agent / Elastic Endpoint Security local API key disclosure
https://notcve.org/view.php?id=CVE-2023-46669
01 May 2025 — Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors. • https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25013 – Elastic Defend Insertion of Sensitive Information into Log Files
https://notcve.org/view.php?id=CVE-2025-25013
08 Apr 2025 — Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. • https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37284 – Elastic Defend Improper Handling of Alternate Encoding Leads to Crash
https://notcve.org/view.php?id=CVE-2024-37284
21 Jan 2025 — Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the process. • https://discuss.elastic.co/t/elastic-defend-8-13-3-security-update-esa-2024-24/373441 • CWE-755: Improper Handling of Exceptional Conditions •