Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37286


APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.


Published

2024-08-03T16:15:49.060

Last Modified

2024-09-11T20:20:34.503

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-532
  • Type: Primary
    CWE-532

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application elastic apm_server < 8.14.0 Yes

References