{"vulnerability": "CVE-2023-4666", "sightings": [{"uuid": "bad0c8a6-150e-4190-aec0-24b79759c3c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46669", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14265", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46669\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors.\n\ud83d\udccf Published: 2025-05-01T12:59:49.101Z\n\ud83d\udccf Modified: 2025-05-01T12:59:49.101Z\n\ud83d\udd17 References:\n1. https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706", "creation_timestamp": "2025-05-01T13:14:35.000000Z"}, {"uuid": "16c56e24-c050-4358-9a99-438f860e3488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4666", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/passive/cves/2023/CVE-2023-4666.yaml", "content": "", "creation_timestamp": "2025-09-24T10:21:07.000000Z"}, {"uuid": "afcd5cd3-9c53-48b9-9db4-8278d313ce07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4666", "type": "seen", "source": "https://t.me/cibsecurity/72347", "content": "\u203c CVE-2023-4666 \u203c\n\nThe Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T00:32:14.000000Z"}, {"uuid": "096cf5fc-fc40-4ad7-85fe-9c60017d3525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4666", "type": "published-proof-of-concept", "source": "https://t.me/Idi0tSecMarket/21", "content": "CVE-2024-2879|CVE-2023-5360|CVE-2023-4666\n\nWordPress Plugin Vuln Scanner\n-@Salvador1337", "creation_timestamp": "2025-04-07T11:02:22.000000Z"}, {"uuid": "f37d3507-05f0-4847-907b-02c425ceeecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46660", "type": "seen", "source": "https://t.me/arpsyndicate/2381", "content": "#ExploitObserverAlert\n\nCVE-2023-46660\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-46660. Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T23:24:15.000000Z"}, {"uuid": "5a508b8b-8bda-46da-b5a2-4b11ce672c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46665", "type": "seen", "source": "https://t.me/cibsecurity/73018", "content": "\u203c CVE-2023-46665 \u203c\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T00:18:20.000000Z"}, {"uuid": "adb3a39a-be1b-4aaa-a00e-d465dea2ccd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46661", "type": "seen", "source": "https://t.me/cibsecurity/73017", "content": "\u203c CVE-2023-46661 \u203c\n\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T00:18:16.000000Z"}, {"uuid": "ef0cf789-1ed4-4593-b036-d1e656ebf64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46664", "type": "seen", "source": "https://t.me/cibsecurity/73012", "content": "\u203c CVE-2023-46664 \u203c\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T00:18:11.000000Z"}, {"uuid": "2df3c82a-87ff-43d8-bc5b-2b130d4a734d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46662", "type": "seen", "source": "https://t.me/cibsecurity/73009", "content": "\u203c CVE-2023-46662 \u203c\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T00:18:08.000000Z"}, {"uuid": "34bae3a7-12af-4fec-9482-5d7c958f124c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46663", "type": "seen", "source": "https://t.me/cibsecurity/73003", "content": "\u203c CVE-2023-46663 \u203c\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-27T00:17:59.000000Z"}, {"uuid": "fdc6b127-9fec-4f28-a1e0-bf99c9648ba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46668", "type": "seen", "source": "https://t.me/cibsecurity/72936", "content": "\u203c CVE-2023-46668 \u203c\n\nIf Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T07:44:32.000000Z"}, {"uuid": "6ea90713-aa91-4dd3-9ba8-0afb7d96717a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46666", "type": "seen", "source": "https://t.me/cibsecurity/72984", "content": "\u203c CVE-2023-46666 \u203c\n\nAn issue was discovered when using Document Level Security and the SPO \"Limited Access\" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T20:16:04.000000Z"}, {"uuid": "e0dcc577-0eef-4e69-a2fa-909ccf0b9f93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4666", "type": "seen", "source": "Telegram/KQt3AsBMUv9rm4uNMEtvLFjsfOosJKxmDQL0jQWpInK2LtGCng", "content": "", "creation_timestamp": "2025-01-31T21:40:22.000000Z"}, {"uuid": "7946a9fe-7ea7-4c5a-a50e-94058b61e878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46667", "type": "seen", "source": "https://t.me/cibsecurity/72935", "content": "\u203c CVE-2023-46667 \u203c\n\nAn issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u00e2\u20ac\u2122s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T07:44:31.000000Z"}]}