exploitDog

CVE-2023-31416

Опубликовано: 26 окт. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

Ссылки

https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854
Vendor Advisory
https://www.elastic.co/community/security
Not Applicable
https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854
Vendor Advisory
https://www.elastic.co/community/security
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:elastic:elastic_cloud_on_kubernetes:*:*:*:*:*:*:*:*

Версия до 2.8 (исключая)

cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая)

EPSS

Процентиль: 41%

0.00195

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-f827-q6f2-jc9c

CVSS3: 5.3

github

больше 2 лет назад

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

EPSS

Процентиль: 41%

0.00195

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo