CVE-2024-23448

CVSS V2 None CVSS V3 None

Description

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Overview

CVE ID
CVE-2024-23448

Assigner
elastic

Vulnerability Status
PUBLISHED

Published Version
2024-02-07T21:37:45.908Z

Last Modified Date
2024-02-07T21:37:45.908Z

Weakness Enumerations

CWE	URL
CWE-532	http://cwe.mitre.org/data/definitions/532.html

References

Reference URL	Reference Tags
https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688
https://www.elastic.co/community/security

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-23448
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23448

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 06:44:43				Added to TrackCVE