CVE-2023-31413: Infoleak
First published: Thu May 04 2023(Updated: )
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Filebeat | <=7.17.9 | |
| Elastic Filebeat | =8.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in Filebeat?
The vulnerability ID for this flaw in Filebeat is CVE-2023-31413.
Which versions of Filebeat are affected by this vulnerability?
Filebeat versions through 7.17.9 and 8.6.2 are affected by this vulnerability.
What is the impact of this vulnerability?
The impact of this vulnerability is that the http request Authorization or Proxy-Authorization header contents can be leaked in the logs when debug logging is enabled.
How severe is this vulnerability?
This vulnerability has a severity rating of 3.3 (low).
How can I fix this vulnerability in Filebeat?
To fix this vulnerability in Filebeat, you should update to a version higher than 7.17.9 or 8.6.2.
- collector/nvd-latest
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/elastic
- canonical/elastic filebeat
- version/elastic filebeat/7.17.9
- version/elastic filebeat/8.6.2