Inclusion of Sensitive Information in Log Files in Elastic Agent - CVE-2024-37283
Published: August 9, 2024
Elastic Agent
Detailed vulnerability description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to software writes into log files secrets from the agent policy elastic-agent.yml when the log level is configured to "debug". A remote user with ability to access logs gain access to sensitive information and potentially compromise the system.