Skip to main content

Elastic Agent

5 CVEs product

Monthly

CVE-2024-52976 MEDIUM PATCH This Month

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

RCE Elastic Elastic Agent
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-46669 MEDIUM PATCH This Month

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Elastic Elastic Agent Endpoint Security
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-37283 MEDIUM PATCH This Month

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Elastic Agent
NVD
CVSS 4.0
6.5
EPSS
0.6%
CVE-2023-6687 MEDIUM This Month

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Agent
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31421 HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats Elastic Agent Apm Server +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

RCE Elastic Elastic Agent
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Elastic Elastic Agent +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Elastic Agent
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Agent
NVD
EPSS 0% CVSS 7.5
HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy