CVE Vulnerabilities

CVE-2024-23448

Insertion of Sensitive Information into Log File

Published: Feb 07, 2024 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH | Source: NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing the document failed, and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name | Vendor | Start Version | End Version
Apm_server | Elastic | * | 8.12.1 (excluding)
