CVE-2023-46669

Medium CVSS: 6.2

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

Vendor

Elastic

Product

Elastic Agent

CWE

CWE-200

Yayın Tarihi

2025-05-01 13:15:49

Güncelleme

2025-10-01 19:31:08

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-200 Elastic Agent MEDIUM Elastic 2025

Referanslar

https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706

Benzer Kayıtlar

Medium

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Resp…

Medium

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead De…

Medium

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Dat…

High

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…

Medium

CVE-2026-26934

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-on…

Medium

CVE-2026-26935

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Servi…