← Zuruck zu CVEs
CVE-2024-37286
MEDIUM5.7
Beschreibung
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.
CVE Details
CVSS v3.1 Bewertung5.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht8/3/2024
Zuletzt geandert9/11/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
elastic:apm_server
Schwachen (CWE)
CWE-532CWE-532
Referenzen
https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289(security@elastic.co)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.