Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46669

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

Published

2025-05-01T13:15:49.000

Last Modified

2025-10-01T19:31:08.700

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	elastic_agent	< 8.15.0	Yes
Application	elastic	endpoint_security	< 8.15.0	Yes

References

https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706 Patch, Vendor Advisory ([email protected])