Elastic Agent Leaks Secrets When Debug Logging Enabled
CVE-2024-37283

Currently unrated

Key Information:

Vendor: Elastic
Status: Elastic Agent
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-37283?

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.

Affected Version(s)

Elastic Agent 8.6.0 < 8.15.0

References

https://discuss.elastic.co/t/elastic-agent-8-15-0-securit...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Jun 5, 2024