Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22143

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.

Published

2023-11-22T02:15:41.860

Last Modified

2024-11-21T05:49:35.437

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.1 (LOW)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	apm_.net_agent	< 1.10.0	Yes

References

https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668 Vendor Advisory ([email protected])
https://www.elastic.co/community/security Vendor Advisory ([email protected])
https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)