CVE-2024-11994Sensitive Information Exposure in APM Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.7MEDIUMNVD
EPSS
0.1%
top 73.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic APM Server
Timeline
PublishedMay 1

Description

APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages1 packages

CVEListV5elastic/apm_server8.0.08.16.1

🔴Vulnerability Details

2
CVEList
APM Server Insertion of Sensitive Information into Log File2025-05-01
GHSA
GHSA-p93v-94fp-qv28: APM server logs could contain parts of the document body from a partially failed bulk index request2025-05-01
CVE-2024-11994 — Sensitive Information Exposure | cvebase