CVE-2023-46669: Elastic Agent / Elastic Endpoint Security local API key disclosure
First published: Thu May 01 2025(Updated: )
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic | ||
| Elastic Endpoint Security |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-46669?
CVE-2023-46669 has a high severity rating due to the potential exposure of sensitive information to unauthorized local actors.
How do I fix CVE-2023-46669?
To fix CVE-2023-46669, update the Elastic Agent and Elastic Endpoint Security to the latest version provided by Elastic.
What are the implications of CVE-2023-46669?
CVE-2023-46669 can lead to a loss of confidentiality and allow impersonation of endpoints to the Elastic Stack.
Which products are affected by CVE-2023-46669?
CVE-2023-46669 affects Elastic Agent and Elastic Endpoint Security.
Who identified the CVE-2023-46669 vulnerability?
CVE-2023-46669 was identified by Elastic engineers.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/elastic
- canonical/elastic
- canonical/elastic endpoint security