CVE-2023-46669

MEDIUM

Elastic Agent/Elastic Security Endpoint - Info Disclosure

Title source: llm

Description

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706

Scores

CVSS v3 6.2

EPSS 0.0008

EPSS Percentile 23.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

elastic/elastic_agent < 8.15.0

elastic/endpoint_security < 8.15.0

Published May 01, 2025

Tracked Since Feb 18, 2026