CVE-2024-23448
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing a document failed; that response would contain parts of the original document. Depending on the nature of the document that APM Server attempted to ingest, this could lead to the insertion of sensitive or private information into the APM Server logs.
Risk Scores
- CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.32% (55.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | elastic/apm-server | 0 |
| Elastic | APM Server | 8.12 |
| elastic | apm_server | 0 |
Timeline
- Feb 7, 2024 CVE Published
- Feb 8, 2024 EPSS Score
- Mar 6, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 23, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 1, 2024 CVE Updated
- Aug 17, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
References
- https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-01/352686 (advisory)
- https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688 (url)
- https://www.elastic.co/community/security (url)
- https://nvd.nist.gov/vuln/detail/CVE-2024-23448 (advisory)
- https://github.com/elastic/apm-server (package)