CVE-2023-46669

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46669

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46669.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46669

Published

2025-05-01T13:15:49Z

Modified

2026-04-10T05:05:10.507605Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

References

https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706

Affected packages

Git / github.com/elastic/elastic-agent

Affected ranges

Type

GIT

Repo

https://github.com/elastic/elastic-agent

Events

Introduced

Fixed

25075f6c4c6a370c522f85426d36d8bd10c080c0

Introduced

Fixed

25075f6c4c6a370c522f85426d36d8bd10c080c0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.15.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "8.15.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46669.json"