CVE-2023-31416 MEDIUM

CVE-2023-31416: Elastic Cloud on Kubernetes (ECK) secret token configuration issue

Vendor Elastic

Product Elastic Cloud on Kubernetes

Weakness CWE-200 · Info exposure

Published October 26, 2023

Last update September 9, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

Key dates

02Disclosure timeline

October 26, 2023 CVE published

September 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-31416 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-39974 Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 CVE-2021-32695 Malicious Android app could access Shared Preferences of the Nextcloud Android client CVE-2020-9733 Sensitive information disclosure possible in AEM CVE-2026-7542 Slider Revolution <= 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure