CVE-2023-31413

CVE-2023-31413 is a low-severity vulnerability in Elastic Filebeat with a CVSS 3.x base score of 3.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-532.

Key facts

Description

Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.

Frequently asked questions

What is CVE-2023-31413?
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
How severe is CVE-2023-31413?
CVE-2023-31413 has a CVSS 3.x base score of 3.3, rated low severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
Is CVE-2023-31413 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (8th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2023-31413?
CVE-2023-31413 primarily affects Elastic Filebeat. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2023-31413?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2023-31413 published?
CVE-2023-31413 was published on 2023-05-04 and last updated on 2026-06-17.

References

Affected products (2)

More vulnerabilities in Elastic Filebeat

All CVEs affecting Elastic Filebeat →

Other CWE-532 (Insertion of Sensitive Information into Log File) vulnerabilities

Browse all CWE-532 (Insertion of Sensitive Information into Log File) vulnerabilities →