Over-Privileged API Credentials for Elastic Agent
Medium
E
Elastic
Submitted None
Team Summary
Official summary from Elastic
@captaingeech found that the permissions grated to the Elastic Agent in a Fleet environment grant the ability to delete documents from sensitive security indices.
Actions:
Reported by
captaingeech
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$1300.00
Submitted
Weakness
Violation of Secure Design Principles