Elastic Cloud on Kubernetes (ECK) secret token configuration issue (ESA-2023-11)
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0.
This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.
Affected Versions:
Elastic Cloud on Kubernetes (ECK) versions before 2.8, when used with APM Server 8.0 or later
Solutions and Mitigations:
Users should upgrade to Elastic Cloud on Kubernetes (ECK) version 2.8 or higher.
CVSSv3: 5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE ID: CVE-2023-31416
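
An inventory check for the affected combination, added here as an example and not taken from Elastic's advisory or tooling. It assumes you pass it the ECK operator's container image reference and the JSON from `kubectl get apmserver -A -o json`; the function names and sample values are constructed for illustration.

```python
import json
import re

ECK_FIXED = (2, 8)      # advisory: upgrade ECK to 2.8 or higher
APM_AFFECTED = (8, 0)   # advisory: APM Server >= 8.0

def parse_version(text):
    """Return (major, minor) from strings like '8.10.2' or '2.7.0-SNAPSHOT'."""
    m = re.match(r"v?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def operator_version(image):
    """Extract (major, minor) from the tag of an operator image reference."""
    # Drop any digest, keep the last path component, then read the tag after ':'.
    name = image.split("@", 1)[0].rsplit("/", 1)[-1]
    if ":" not in name:
        raise ValueError(f"image has no tag: {image!r}")
    return parse_version(name.split(":", 1)[1])

def affected_apm_servers(operator_image, apm_list_json):
    """List (namespace, name, version) of ApmServer resources in the affected range."""
    if operator_version(operator_image) >= ECK_FIXED:
        return []  # operator already at a fixed version
    hits = []
    for item in json.loads(apm_list_json).get("items", []):
        version = item.get("spec", {}).get("version", "")
        if parse_version(version) >= APM_AFFECTED:
            meta = item["metadata"]
            hits.append((meta.get("namespace", "default"), meta["name"], version))
    return hits

# Constructed sample input, in the shape of `kubectl get apmserver -A -o json`.
SAMPLE_APM = json.dumps({"items": [
    {"metadata": {"namespace": "obs", "name": "apm-prod"}, "spec": {"version": "8.6.2"}},
    {"metadata": {"namespace": "obs", "name": "apm-legacy"}, "spec": {"version": "7.17.9"}},
    {"metadata": {"namespace": "dev", "name": "apm-dev"}, "spec": {"version": "8.0.0"}},
]})
SAMPLE_OPERATOR_IMAGE = "docker.elastic.co/eck/eck-operator:2.7.0"  # constructed

if __name__ == "__main__":
    for ns, name, ver in affected_apm_servers(SAMPLE_OPERATOR_IMAGE, SAMPLE_APM):
        print(f"{ns}/{name}: APM Server {ver} under ECK < 2.8, secret token not applied")
```

Any resource it lists is running without the configured secret token in effect until the operator is upgraded to 2.8 or higher.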