Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2023-10-26T17:47:37.065Z

Updated: 2024-08-02T14:53:31.112Z

Reserved: 2023-04-27T18:54:56.704Z

Link: CVE-2023-31417

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-26T18:15:08.500

Modified: 2024-11-21T08:01:49.250

Link: CVE-2023-31417

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-09-06T00:00:00Z

Links: CVE-2023-31417 - Bugzilla