CVE-2023-46671

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-46671

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46671.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46671

Published

2023-12-13T07:15:22.013Z

Modified

2026-03-14T12:16:23.430461Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users. The issue occurs infrequently, only if an error is returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluster (for example, when returning circuit breaker or no shard exceptions).

References

https://discuss.elastic.co/t/8-11-1-7-17-15-security-update-esa-2023-25/347149

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

57ca5e139a33dd2eed927ce98d8231a1f217cd15

Fixed

09feaf416f986b239b8e8ad95ecdda0f9d56ebec

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.11.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46671.json"