Lucene search

PRIOn knowledge basePRION:CVE-2023-31413

HistoryMay 04, 2023 - 9:15 p.m.

Authorization

2023-05-0421:15:00

PRIOn knowledge base

www.prio-n.com

filebeat

httpjson input

authorization header

logs

debug logging

flaw

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.

CPENameOperatorVersion
filebeateq8.6.2
filebeatle7.17.9

CPE	Name	Operator	Version
	filebeat	eq	8.6.2
	filebeat	le	7.17.9

References

discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327

www.elastic.co/community/security/