CVE

CVE-2023-49921

Severity:

MEDIUM

Type:

CWE-532 Information Exposure Through Log Files

Publication date:

26/07/2024

Last modified:

26/07/2024

Description

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.20 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

5.20

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179