CVE-2024-23448

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
elasticCNA
5.7 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
elasticapm_server
𝑥
< 8.12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688
https://www.elastic.co/community/security
https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688
https://www.elastic.co/community/security