Elastic Cloud on Kubernetes (ECK) secret token configuration issue (ESA-2023-11)
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0.
This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.
Elastic Cloud on Kubernetes (ECK) before 2.8 with APM Server after 8.0
Solutions and Mitigations:
Users should upgrade to Elastic Cloud on Kubernetes (ECK) version 2.8 or higher.
CVSSv3: 5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE ID: CVE-2023-31416