← Back

CVE-2024-37286

nvd nist
Published: Aug 3, 2024Modified: Sep 11, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.

Affected (1)

Products: Elastic: Apm Server
Elastic
1 product
Apm Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Apm Server
Before 8.14.0

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

Source: security@elastic.co
Vendor Advisory

Timeline

No history available yet.