Primary

Context

Elastic Agent and Elastic Security Endpoint Local API Key Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in Elastic Agent and Elastic Security Endpoint versions prior to 8.15.0, allowing local unauthorized actors to access sensitive information. This exposure can lead to a breach of confidentiality and enable impersonation of the Endpoint within the Elastic Stack. The issue was discovered by Elastic engineers, who found no evidence of it being known or exploited by malicious actors.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, allowing for potential impersonation of the Endpoint in the Elastic Stack.

Remediation

Users can upgrade to Elastic Agent or Elastic Security Endpoint version 8.15.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

4.8

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

4.8

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elastic Agent and Elastic Security Endpoint Local API Key Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Elastic Agent

Elastic Security Endpoint

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating