cbcvebase.
CVE-2024-23448
published 2024-02-07

CVE-2024-23448: An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that…

PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.58%
43.3th percentile
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Affected

3 ranges
VendorProductVersion rangeFixed in
elasticapm_server< 8.12.18.12.1
elasticapm_server>= 8.12 < 8.12.18.12.1
github.comelastic_apm-server>= 0 < 8.12.18.12.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.