Enterprise Search Insertion of Sensitive Information into Log File (ESA-2023-31)
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.
Affected Versions:
Enterprise Search versions on or after 7.0.0 and before 7.17.16.
Enterprise Search versions on or after 8.0.0 and before 8.11.2.
Affected Configurations:
Only users that directly utilize the Documents API are affected by this issue, if the documents that they are ingesting via this API contain sensitive or private information.
Solutions and Mitigations:
The issue is resolved in versions 7.17.16 and versions 8.11.2.
Customers on versions before 7.17.16 and 8.11.2 that cannot upgrade can prohibit document contents from being logged by setting log_level to WARN or higher in their Enterprise Search configuration. Refer to our documentation for applying this setting on Elastic Cloud, ECE or self managed clusters.
Severity:
CVSSv3.1: 6.8(Medium) - AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE ID: CVE-2023-49923