CVE-2021-22133

Published: Feb 10, 2021Modified: Nov 21, 2024

2.4

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Affected (1)

Products: Elastic: Apm Agent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elastic Apm Agent	Before 1.11.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252

Source: security@elastic.co

Release NotesVendor Advisory

https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-11-0-security-update/263252

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.