ByteOS Network

NVD Vulnerability Details :

CVE-2023-46669

Analyzed

Source-bressers@elastic.co

Published At-01 May, 2025 | 13:15

Updated At-01 Oct, 2025 | 19:31

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CPE Matches

Elasticsearch BV

>>elastic_agent>>Versions before 8.15.0(exclusive)

cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*

Elasticsearch BV

>>endpoint_security>>Versions before 8.15.0(exclusive)

cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	bressers@elastic.co
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: bressers@elastic.co

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706	bressers@elastic.co	Patch Vendor Advisory

Hyperlink: https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706

Source: bressers@elastic.co

Resource:

Patch

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History