#VU84393 Inclusion of sensitive information in log files in Enterprise Search - CVE-2023-49923

Cybersecurity Help s.r.o.

Published: 2023-12-13

Vulnerability identifier: #VU84393

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-49923

CWE-ID: CWE-532

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Enterprise Search
Server applications / Database software

Vendor: Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. A remote user can view the log files and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Enterprise Search: 7.7.0 - 7.17.15, 8.0.0 - 8.11.1

External links
https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181
https://www.elastic.co/community/security#ESA-2023-31

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Inclusion of sensitive information in log files in Elastic Enterprise Search