Sensitive HTTP Header Leakage in Elastic APM Agent for Go
CVE-2021-22133

2.4LOW

Key Information:

Vendor: Elastic
Status: Elastic Apm Agent For Go
Vendor: CVE Published:; 10 February 2021

Summary

The Elastic APM Agent for Go prior to version 1.11.0 is vulnerable to information leakage. In scenarios where the application experiences a panic, sensitive HTTP header information may be logged without proper sanitization. This flaw can lead to unauthorized disclosure of sensitive data that the APM agent typically protects. Ensuring your APM agent is updated to version 1.11.0 or later is crucial for maintaining data security.

Affected Version(s)

Elastic APM Agent for Go before 1.11.0

References

https://discuss.elastic.co/t/elastic-apm-agent-for-go-1-1...

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Jan 4, 2021