=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN274

_____________________________________________________________________

DATE                : 02/05/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Elastic Agent versions prior
                      to 7.17.25, 8.15.4, 8.15.0.

=====================================================================
https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708
https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706
_____________________________________________________________________


Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)
ismisepaul (Paul), May 1, 2025, 10:11am

Elastic Agent Inclusion of Functionality from Untrusted Control
Sphere (ESA-2024-39)

Inclusion of functionality from an untrusted control sphere in
Elastic Agent subprocess, osqueryd, allows local attackers to
execute arbitrary code via parameter injection.

An attacker requires local access and the ability to modify osqueryd
configurations.

Affected Versions:
Elastic Agent <= 7.17.24 and Elastic Agent <= 8.15.3

Solutions and Mitigations:
The issue is resolved in versions 7.17.25 and 8.15.4 or greater.

Severity: CVSSv3.1: 4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVE ID: CVE-2024-52976

_____________________________________________________________________

Elastic Agent / Elastic Endpoint Security Security Update
(ESA-2025-03)
ismisepaul (Paul), May 1, 2025, 10:06am

Elastic Agent / Elastic Endpoint Security local API key disclosure
(ESA-2025-03)

Exposure of sensitive information to local unauthorized actors in
Elastic Agent and Elastic Security Endpoint can lead to loss of
confidentiality and impersonation of Endpoint to the Elastic Stack.
This issue was identified by Elastic engineers and Elastic has no
indication that it is known or has been exploited by malicious
actors.


Affected Versions:
Elastic Agent and Elastic Endpoint Security versions < 8.15.0


Solutions and Mitigations:
The issue is resolved in version 8.15.0.


Severity: CVSSv3.1: 6.2 (Medium) - AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2023-46669
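
Added example (not part of the Elastic advisories or of the CERT-Renater note): a Python check that maps Elastic Agent version strings to the two advisories above, using only the affected ranges they state. The hostnames, the sample inventory and the choice to treat a pre-release build of a fixed version as unfixed are assumptions.

```python
import re

# First fixed releases as stated in the two advisories above.
ESA_2024_39 = "ESA-2024-39 (CVE-2024-52976)"
ESA_2025_03 = "ESA-2025-03 (CVE-2023-46669)"
RELEASE = 1  # sorts after a pre-release build (0) of the same x.y.z

def parse_version(text):
    """Return (major, minor, patch, is_release) for '8.15.3' or 'v8.15.4-SNAPSHOT'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.+-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # Assumption: a pre-release build of a fixed version is treated as not yet fixed.
    return (major, minor, patch, 0 if m.group(4) else RELEASE)

def open_advisories(version_text):
    """List the advisories whose stated affected range contains this version."""
    v = parse_version(version_text)
    hits = []
    # ESA-2024-39: <= 7.17.24 on the 7.x line, <= 8.15.3 on the 8.x line.
    fixed = (7, 17, 25) if v[0] <= 7 else (8, 15, 4)
    if v < fixed + (RELEASE,):
        hits.append(ESA_2024_39)
    # ESA-2025-03: "< 8.15.0". Read literally this also covers every 7.x
    # build, since the advisory names no fixed 7.x release.
    if v < (8, 15, 0, RELEASE):
        hits.append(ESA_2025_03)
    return hits

def triage(inventory):
    """Map host -> open advisories; unparseable versions go to manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            hits = open_advisories(version)
        except ValueError:
            hits = ["MANUAL REVIEW"]
        if hits:
            report[host] = hits
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"web-01": "7.17.24", "web-02": "7.17.25", "db-01": "8.14.3",
          "db-02": "8.15.3", "app-01": "8.15.4", "app-02": "8.15.4-SNAPSHOT",
          "lab-01": "unknown"}

if __name__ == "__main__":
    for host, hits in sorted(triage(SAMPLE).items()):
        print(f"{host}: {', '.join(hits)}")
```

On the stated ranges, 8.15.0 through 8.15.3 clears ESA-2025-03 but not ESA-2024-39, and 7.17.25 clears ESA-2024-39 while still falling under "< 8.15.0".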


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
