← volver
CVE-2023-46669

Elastic Agent / Elastic Endpoint Security local API key disclosure

CVSS 6.2 MEDIUMEPSS 0.2%CWE-200
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Elastic · Elastic Agent and Elastic Defend

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706