Variable Name Clash Flaw in Elastic APM Agent for Python by Elastic
CVE-2019-7617

7.2HIGH

Key Information:

Vendor: Elastic
Status: Elastic Apm Agent For Python
Vendor: CVE Published:; 22 August 2019

What is CVE-2019-7617?

The Elastic APM agent for Python, when executed as a CGI script prior to version 5.1.0, is susceptible to a variable name clash issue. A remote attacker who can manipulate proxy headers may exploit this vulnerability to redirect APM data to an unauthorized proxy server. This flaw underscores the importance of securing application performance monitoring tools to prevent data leakage and unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Elastic APM agent for Python before 5.1.0

References

https://www.elastic.co/community/security/

x_refsource_MISC

https://discuss.elastic.co/t/elastic-apm-agent-for-python...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Feb 7, 2019

JSON

Elastic