CVE-2024-37283

EUVD-2024-36558
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
elasticelastic_agent
8.6.0 ≤
𝑥
< 8.15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.elastic.co/t/elastic-agent-8-15-0-security-update-esa-2024-23/364635