CVE-2023-49923

Enterprise Search Insertion of Sensitive Information into Log File

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.

Elastic descubrió un problema por el cual la API de documentos de App Search registraba el contenido sin procesar de los documentos indexados en el nivel de registro INFO. Dependiendo del contenido de dichos documentos, esto podría dar lugar a la inserción de información confidencial o privada en los registros de búsqueda de aplicaciones. Elastic lanzó 8.11.2 y 7.17.16 que resuelve este problema cambiando el nivel de registro en el que se registran a DEBUG, que está deshabilitado de forma predeterminada.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-12-02 CVE Reserved
2023-12-12 CVE Published
2024-08-02 CVE Updated
2024-11-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-532: Insertion of Sensitive Information into Log File

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181	2023-12-19
https://www.elastic.co/community/security	2023-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elastic Search vendor "Elastic"		Enterprise Search Search vendor "Elastic" for product "Enterprise Search"				>= 7.0.0 < 7.17.16 Search vendor "Elastic" for product "Enterprise Search" and version " >= 7.0.0 < 7.17.16"		-		Affected
Elastic Search vendor "Elastic"		Enterprise Search Search vendor "Elastic" for product "Enterprise Search"				>= 8.0.0 < 8.11.2 Search vendor "Elastic" for product "Enterprise Search" and version " >= 8.0.0 < 8.11.2"		-		Affected