CVE-2023-46669

Elastic Agent / Elastic Endpoint Security local API key disclosure

Description

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

INFO

Published Date :

2025-05-01T12:59:49.101Z

Last Modified :

2025-05-01T15:33:08.751Z

Source :

elastic

AFFECTED PRODUCTS

The following products are affected by CVE-2023-46669 vulnerability.

Vendors	Products
Elastic	Elastic Agent Endpoint Security

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-46669.

URL	Resource
https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact