Main Vulnerability Database Vulnerabilities #VU84393

Inclusion of sensitive information in log files in Enterprise Search - CVE-2023-49923

Published: December 13, 2023

Vulnerability identifier: #VU84393

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-49923

CWE-ID: CWE-532

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Elastic Stack

Affected software:
Enterprise Search

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. A remote user can view the log files and gain access to sensitive information.

How to mitigate CVE-2023-49923

Install updates from vendor's website.

Inclusion of sensitive information in log files in Enterprise Search - CVE-2023-49923

Detailed vulnerability description

How to mitigate CVE-2023-49923

Sources

Please verify you're human