CVE-2024-52975: Sensitive Information Exposure in Fleet Server

Severity: 9.0 CRITICAL (NVD)
EPSS: 0.3% (top 51.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 23
Latest update: Dec 4

Description

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages: 1 package

CVEListV5 | elastic/fleet_server | 8.13.0 | 8.15.0

🔴 Vulnerability Details

17
OSV: linux vulnerabilities (2025-12-04)
OSV: linux-azure-fips vulnerabilities (2025-10-21)
OSV: linux-oracle-5.4 vulnerabilities (2025-10-21)
OSV: linux-azure, linux-azure-5.4 vulnerabilities (2025-10-13)
OSV: linux-iot vulnerabilities (2025-08-21)