CVE-2023-46669— Elastic Agent / Elastic Endpoint Security local API key disclosure
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-46669
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Agent / Elastic Endpoint Security local API key disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Elastic Agent和Elastic Security Endpoint 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Elastic Agent和Elastic Security Endpoint都是荷兰Elastic公司的产品。Elastic Agent是一个单一代理。可从每台主机收集日志、指标、跟踪、可用性、安全性和其他数据。Elastic Security Endpoint是一个基于Elastic Stack构建的终端检测与响应(EDR)解决方案。 Elastic Agent和Elastic Security Endpoint存在安全漏洞,该漏洞源于敏感信息暴露给本地未授权方,可能导致机密性丧失和端点冒充。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Elastic | Elastic Agent and Elastic Defend | 8.0.0 ~ 8.15.0 | - |
II. Public POCs for CVE-2023-46669
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-46669
请登录查看更多情报信息。
Same Patch Batch · Elastic · 2025-05-01 · 6 CVEs total
| CVE-2024-52979 | 6.5 MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability |
| CVE-2024-11994 | 5.7 MEDIUM | APM Server Insertion of Sensitive Information into Log File |
| CVE-2024-11390 | 5.4 MEDIUM | Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS |
| CVE-2024-52976 | 4.4 MEDIUM | Elastic Agent Inclusion of Functionality from Untrusted Control Sphere |
| CVE-2025-25016 | 4.3 MEDIUM | Kibana Unrestricted Upload of File |
IV. Related Vulnerabilities
Same vendor: Elastic
- CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic - CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory - CVE-2026-33458
Server-Side Request Forgery (SSRF) in Kibana One Workflow Le - CVE-2026-33459
Uncontrolled Resource Consumption in Kibana Leading to Denia - CVE-2026-33460
Incorrect Authorization in Kibana Fleet Leading to Informati
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2023-46669
No comments yet