Main Vulnerability Database Vulnerabilities #VU86375

Inclusion of Sensitive Information in Log Files in APM Server - CVE-2024-23448

Published: February 13, 2024

Vulnerability identifier: #VU86375

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-23448

CWE-ID: CWE-532

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
APM Server

Software vendor:
Elastic Stack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to software includes sensitive information into log files when an error occurs during file indexing with ERROR level set. A remote user can view the log files and gain access to sensitive data.

Remediation

Install updates from vendor's website.

External links

https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688
https://www.elastic.co/community/security

Inclusion of Sensitive Information in Log Files in APM Server - CVE-2024-23448

Description

Remediation

External links

Please verify you're human