CVE-2024-37286
CVSS V2 None
CVSS V3 None
Description
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.
Overview
- CVE ID
- CVE-2024-37286
- Assigner
- elastic
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-03T15:16:22.700Z
- Last Modified Date
- 2024-08-03T15:16:22.700Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37286 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37286 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-04 13:02:24 | Added to TrackCVE |