CVE-2023-31413

CVSS V2 None CVSS V3 None
Description
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
Overview
  • CVE ID
  • CVE-2023-31413
  • Assigner
  • bressers@elastic.co
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-05-04T21:15:11
  • Last Modified Date
  • 2023-05-04T21:15:11
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
References
Reference URL Reference Tags
https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327
https://www.elastic.co/community/security/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-31413
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31413
History
Created Old Value New Value Data Type Notes
2023-05-04 22:02:41 Added to TrackCVE
2023-05-04 22:02:43 Weakness Enumeration new