Vulnerability Description
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Apm Server | < 8.12.1 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/35268Vendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
- https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/35268Vendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
FAQ
What is CVE-2024-23448?
CVE-2024-23448 is a vulnerability with a CVSS score of 5.7 (MEDIUM). An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original do...
How severe is CVE-2024-23448?
CVE-2024-23448 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23448?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Apm Server.