Unrated severityNVD Advisory· Published May 1, 2025· Updated May 1, 2025

Elastic Agent / Elastic Endpoint Security local API key disclosure

CVE-2023-46669

Description

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.

Affected products

Elastic/Elastic Agentllm-create
Elastic/Elastic Security Endpointllm-create
Elastic/Elastic Defendcpe-rescue
Range: 8.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000