Elastic APM .NET Agent information disclosure
CVE-2021-22143

2.1LOW

Key Information:

Vendor: Elastic
Status: Elastic Apm .net Agent
Vendor: CVE Published:; 22 November 2023

Summary

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.

Affected Version(s)

Elastic APM .NET Agent 1.0.0 < 1.10.0

References

https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0...

https://www.elastic.co/community/security

CVSS V3.1

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Jan 4, 2021