Logging of Document Bodies in Elastic APM Server
CVE-2024-37286

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Apm Server
Vendor: CVE Published:; 3 August 2024

What is CVE-2024-37286?

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.

References

https://discuss.elastic.co/t/apm-server-8-14-0-security-u...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2024