CVE-2023-46668

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-532
View all →

Vulnerability Description

If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.

Related Vulnerabilities

CVE-2021-22533

CRITICAL
CVSS:9.1(Critical)

Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenTextâ„¢ eDirectory 9.2.4.0000.

CWE-5322021

CVE-2023-36649

CRITICAL
CVSS:9.1(Critical)

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by ...

CWE-5322023

CVE-2019-4008

CRITICAL
CVSS:9.0(Critical)

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

CWE-5322019

CVE-2020-5389

CRITICAL
CVSS:9.0(Critical)

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC u...

CWE-5322020

CVE-2025-22275

CRITICAL
CVSS:9.3(Critical)

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ss...

CWE-5322025

CVE-2018-1198

HIGH
CVSS:8.8(High)

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this...

CWE-5322018