An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2023-10-26T00:59:36.713Z
Updated: 2024-09-09T15:53:29.701Z
Reserved: 2023-10-24T17:28:32.185Z
Link: CVE-2023-46667
Vulnrichment
Updated: 2024-08-02T20:53:21.078Z
NVD
Status : Modified
Published: 2023-10-26T01:15:07.987
Modified: 2024-11-21T08:29:01.517
Link: CVE-2023-46667
Redhat
No data.