What is the severity of CVE-2023-6687?

The severity of CVE-2023-6687 is classified as moderate due to potential information disclosure through logging raw event data.

How do I fix CVE-2023-6687?

To fix CVE-2023-6687, upgrade Elastic Agent to a version beyond 8.11.3 or 7.17.16.

What versions of Elastic Agent are affected by CVE-2023-6687?

CVE-2023-6687 affects Elastic Agent versions from 7.0.0 to 7.17.16 and from 8.0.0 to 8.11.3.

What types of events trigger warnings or errors in CVE-2023-6687?

CVE-2023-6687 triggers warnings or errors when Elastic Agent fails to ingest events to Elasticsearch with a 4xx HTTP status code, except for 409 or 429.

Is there a workaround for CVE-2023-6687?

Currently, the recommended solution for CVE-2023-6687 is to upgrade to a patched version, with no official workaround provided.

Vulnerability/
CVE-2023-6687

medium

6.8

CWE

532

EPSS

0.049%

12/12/2023

2/8/2024

CVE-2023-6687: Elastic Agent Insertion of Sensitive Information into Log File

First published: Tue Dec 12 2023(Updated: )

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.

Credit: bressers@elastic.co

Affected Software	Affected Version	How to fix
Elastic	>=7.0.0<7.17.16
Elastic	>=8.0.0<8.11.3

Never miss a vulnerability like this again

Reference Links

https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180

Frequently Asked Questions

What is the severity of CVE-2023-6687?
The severity of CVE-2023-6687 is classified as moderate due to potential information disclosure through logging raw event data.
How do I fix CVE-2023-6687?
To fix CVE-2023-6687, upgrade Elastic Agent to a version beyond 8.11.3 or 7.17.16.
What versions of Elastic Agent are affected by CVE-2023-6687?
CVE-2023-6687 affects Elastic Agent versions from 7.0.0 to 7.17.16 and from 8.0.0 to 8.11.3.
What types of events trigger warnings or errors in CVE-2023-6687?
CVE-2023-6687 triggers warnings or errors when Elastic Agent fails to ingest events to Elasticsearch with a 4xx HTTP status code, except for 409 or 429.
Is there a workaround for CVE-2023-6687?
Currently, the recommended solution for CVE-2023-6687 is to upgrade to a patched version, with no official workaround provided.

agent/type
agent/event
agent/first-publish-date
agent/title
agent/weakness
agent/author
agent/severity
agent/references
agent/description
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
vendor/elastic
canonical/elastic
version/elastic/7.0.0
version/elastic/8.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.