Elastic APM .NET Agent information disclosure
CVE-2021-22143

2.1LOW

Key Information:

Vendor: Elastic
Status: Elastic Apm .net Agent
Vendor: CVE Published:; 22 November 2023

What is CVE-2021-22143?

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Elastic APM .NET Agent 1.0.0 < 1.10.0

References

https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0...

https://www.elastic.co/community/security

CVSS V3.1

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Jan 4, 2021

JSON

Elastic