CVE-2023-46668 – Elastic Endpoint Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2023-46668
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts. Si Elastic Endpoint (v7.9.0 - v8.10.3) está configurado para usar una opción no predeterminada en la que el nivel de log está configurado explícitamente en debug, y cuando Elastic Agent está configurado simultáneamente para recopilar y enviar esos registros a Elasticsearch, entonces las claves de API del Agente Elastic se pueden ver en Elasticsearch en texto plano. Estas claves API podrían usarse para escribir datos arbitrarios y leer artefactos de usuario de Elastic Endpoint. • https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203 https://www.elastic.co/community/security • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-38777
https://notcve.org/view.php?id=CVE-2022-38777
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. • https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management •
CVE-2022-38774
https://notcve.org/view.php?id=CVE-2022-38774
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Se descubrió un problema en la función de cuarentena de Elastic Endpoint Security y Elastic Endgame para Windows, que podría permitir a los usuarios sin privilegios elevar sus permisos a los de la cuenta LocalSystem. • https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management •
CVE-2022-38775
https://notcve.org/view.php?id=CVE-2022-38775
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Se descubrió un problema en la función de reversión de Elastic Endpoint Security para Windows, que podría permitir a los usuarios sin privilegios elevar sus privilegios a los de la cuenta LocalSystem. • https://discuss.elastic.co/t/endpoint-security-8-4-1-security-statement/323753 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management •
CVE-2022-23714
https://notcve.org/view.php?id=CVE-2022-23714
A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Se ha detectado un problema de escalada de privilegios locales (LPE) en las funcionalidades de ransomware canaries de Elastic Endpoint Security para Windows, que podría permitir a usuarios no privilegiados elevar sus privilegios a los de la cuenta LocalSystem • https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 https://www.elastic.co/community/security • CWE-264: Permissions, Privileges, and Access Controls •