Vulnerabilities > CVE-2023-46675 - Information Exposure Through Log Files vulnerability in Elastic Kibana

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

elastic

CWE-532

NVD

Published: 2023-12-13

Updated: 2023-12-18

Summary

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Kibana 7.13.0 Elastic Kibana 7.13.1 Elastic Kibana 7.14.0 Elastic Kibana 7.14.1 Elastic Kibana 7.14.1. Elastic Kibana 7.14.2 Elastic Kibana 7.15.0 Elastic Kibana 7.15.1 Elastic Kibana 7.15.2 Elastic Kibana 7.16.0 Elastic Kibana 7.16.1 Elastic Kibana 7.16.2 Elastic Kibana 7.16.3 Elastic Kibana 7.17.0 Elastic Kibana 7.17.1 Elastic Kibana 7.17.2 Elastic Kibana 7.17.3 Elastic Kibana 7.17.4 Elastic Kibana 7.17.5 Elastic Kibana 7.17.6 Elastic Kibana 7.17.7 Elastic Kibana 7.17.8 Elastic Kibana 7.17.9 Elastic Kibana 7.17.10 Elastic Kibana 7.17.11 Elastic Kibana 7.17.12 Elastic Kibana 7.17.13 Elastic Kibana 7.17.14 Elastic Kibana 7.17.15 Elastic Kibana 8.0.0 Elastic Kibana 8.0.1 Elastic Kibana 8.1.0 Elastic Kibana 8.1.1 Elastic Kibana 8.1.2 Elastic Kibana 8.1.3 Elastic Kibana 8.2.0 Elastic Kibana 8.2.1 Elastic Kibana 8.2.2 Elastic Kibana 8.2.3 Elastic Kibana 8.3.0 Elastic Kibana 8.3.1 Elastic Kibana 8.3.2 Elastic Kibana 8.3.3 Elastic Kibana 8.4.0 Elastic Kibana 8.4.1 Elastic Kibana 8.4.2 Elastic Kibana 8.4.3 Elastic Kibana 8.5.0 Elastic Kibana 8.5.1 Elastic Kibana 8.5.2 Elastic Kibana 8.5.3 Elastic Kibana 8.6.0 Elastic Kibana 8.6.1 Elastic Kibana 8.6.2 Elastic Kibana 8.7.0 Elastic Kibana 8.7.1 Elastic Kibana 8.8.0 Elastic Kibana 8.8.1 Elastic Kibana 8.8.2 Elastic Kibana 8.9.0 Elastic Kibana 8.9.1 Elastic Kibana 8.9.2 Elastic Kibana 8.10.0 Elastic Kibana 8.10.1 Elastic Kibana 8.10.2 Elastic Kibana 8.10.3 Elastic Kibana 8.10.4 Elastic Kibana 8.11.0 Elastic Kibana 8.11.1	75

Common Weakness Enumeration (CWE)

CWE-532 - Information Exposure Through Log Files

Common Attack Pattern Enumeration and Classification (CAPEC)

Fuzzing and observing application log data/errors for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

References

https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2