CVE-2023-49921: 
Java vulnerability analysis and mitigation

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This vulnerability affects Elasticsearch versions from 7.0.0 to 7.17.16 and 8.0.0 to 8.11.2. The vulnerability could lead to raw contents of documents stored in Elasticsearch being printed in logs (Elastic Advisory).

The vulnerability occurs when the Watcher search input's logger is set to DEBUG or finer level. This affects configurations using org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider hierarchical loggers. The vulnerability has been assigned a CVSS v3.1 base score of 5.2 (Medium) with vector AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N, indicating potential high confidentiality impact (NVD, Elastic Advisory).

The vulnerability could result in sensitive information disclosure as raw contents of documents stored in Elasticsearch could be exposed through log files. This excessive logging of search query results could potentially reveal confidential data to unauthorized parties (Red Hat, Elastic Advisory).

Elastic has released versions 8.11.2 and 7.17.16 that resolve this issue by removing the excessive logging. For users unable to upgrade immediately, a workaround is available by setting the Watcher search input logger to INFO or higher (WARN, ERROR) instead of DEBUG level (Elastic Advisory).