Moderate severityNVD Advisory· Published Aug 3, 2024· Updated Sep 3, 2024
APM Server Insertion of Sensitive Information into Log File
CVE-2024-37286
Description
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/elastic/apm-serverGo | < 8.14.0 | 8.14.0 |
Affected products
5- osv-coords4 versionspkg:apk/chainguard/apm-serverpkg:apk/chainguard/apm-server-compatpkg:apk/chainguard/apm-server-fipspkg:golang/github.com/elastic/apm-server
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 8.14.0
- Range: 8.14.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.