CVE-2023-31416 Information

Description

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.

Reference

https://www.elastic.co/community/security https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854