cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52975,https://securityvulnerability.io/vulnerability/CVE-2024-52975,Information Disclosure in Fleet Server by Elastic,"An information disclosure vulnerability exists in Fleet Server by Elastic, where sensitive data may be inadvertently logged at INFO and ERROR log levels. The exposed information depends on the enabled integrations, potentially leading to unintended data exposure. Users are urged to review their logging configurations and apply necessary updates to mitigate this risk.",Elastic,Fleet Server,9,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T07:19:39.170Z,237
CVE-2023-31421,https://securityvulnerability.io/vulnerability/CVE-2023-31421,"Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue","A vulnerability has been identified in which Beats, Elastic Agent, APM Server, and Fleet Server do not adequately verify server certificates when connecting to target IP addresses. While the signature of the certificate is checked, the validation process fails to confirm the server certificate's IP Subject Alternative Name (SAN) values against the actual IP being targeted. This lapse means that if configured to connect via an IP address instead of a hostname, the expected security checks are bypassed, potentially allowing unauthorized access.",Elastic,"Beats,Elastic Agent,APM Server,Fleet Server",7.5,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2023-10-26T04:15:00.000Z,0
CVE-2023-46667,https://securityvulnerability.io/vulnerability/CVE-2023-46667,Fleet Server Insertion of Sensitive Information into Log File,"An identified security issue in Fleet Server versions 8.10.0 to 8.10.2 has been found where sensitive enrolment tokens are logged in plain text. This exposure can enable unauthorized individuals to enroll agents into managing policies, potentially allowing them to access sensitive information stored within those policies, such as Elasticsearch and various third-party service secrets. Additionally, it poses a risk of malicious agents being able to relay bogus events back to Elasticsearch, thereby undermining the integrity and reliability of the data.",Elastic,Fleet Server,8.1,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-10-26T01:15:00.000Z,0