Inclusion of Sensitive Information in Log Files in Beats - CVE-2023-6687
Published: December 13, 2023
Beats
Elastic Stack
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the software stores sensitive information in log files. Beats and Elastic Agent would log a raw event in their own logs at the `WARN` or `ERROR` level if ingesting that event into Elasticsearch failed with any HTTP `4xx` status code except `409` or `429`. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. A local user can read the log files and gain access to sensitive data.
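
The Go sketch below is an added example, not code from Beats, Elastic Agent or the vendor's fix. It models the logging condition described above beside one possible hardened form. The `Event` type, the function names, the log message wording and the sample event are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Event is a constructed stand-in for an ingested document (not a Beats type).
type Event struct {
	Index  string
	Fields map[string]string
}

// rawEventLogged reports whether a response status is in the class the
// advisory describes: any 4xx except 409 and 429.
func rawEventLogged(status int) bool {
	return status >= 400 && status < 500 && status != 409 && status != 429
}

// vulnerableLogLine models the flaw: the whole event, values included, is
// written to the shipper's own log at WARN level.
func vulnerableLogLine(ev Event, status int) string {
	if !rawEventLogged(status) {
		return ""
	}
	return fmt.Sprintf("WARN cannot index event %+v (status=%d)", ev, status)
}

// hardenedLogLine keeps what is needed for triage (status, index, field
// names) and never writes field values. This is an assumed mitigation.
func hardenedLogLine(ev Event, status int) string {
	if !rawEventLogged(status) {
		return ""
	}
	names := make([]string, 0, len(ev.Fields))
	for name := range ev.Fields {
		names = append(names, name)
	}
	sort.Strings(names)
	return fmt.Sprintf("WARN cannot index event (status=%d index=%s fields=%s)",
		status, ev.Index, strings.Join(names, ","))
}

func main() {
	ev := Event{Index: "logs-app", Fields: map[string]string{"user": "alice", "password": "constructed-secret"}}
	fmt.Println(vulnerableLogLine(ev, 400))
	fmt.Println(hardenedLogLine(ev, 400))
}
```

Field names can themselves be revealing in some data sets, so a stricter variant would log only the status and the target index.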