CVE-2024-23448

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23448

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23448.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-23448

Aliases

Related

Published

2024-02-07T22:15:09Z

Modified

2025-02-14T11:51:13.677545Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

References

Affected packages

Git / github.com/elastic/apm-server

Affected ranges

Type: GIT
Repo: https://github.com/elastic/apm-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

53446838048a050511b9ef1b7921806e5accbea1

Affected versions

v7.*

v7.0.0-alpha1

v7.0.0-alpha2

v8.*

v8.0.0-alpha1

v8.0.0-alpha2

v8.12.0