59 matches found
Elastic APM Server 8.x < 8.16.1 Information Disclosure (ESA-2024-41)
The version of Elastic APM Server installed on the remote host is 8.x prior to 8.16.1. It is, therefore, affected by an information disclosure vulnerability: APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the...
CVE-2026-0528 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, cloudbeat, beats, apm-server, apm-server-fips...
GHSA-W2GR-585J-R428 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, cloudbeat, beats, apm-server, apm-server-fips...
EUVD-2024-2568
Malicious code in bioql PyPI...
EUVD-2024-0582
Malicious code in bioql PyPI...
EUVD-2025-13048
Malicious code in bioql PyPI...
CVE-2025-47910 vulnerabilities
Vulnerabilities for packages: helm-push, zot, helm-operator, src, traefik, dapr, k8sgateway, nginx-prometheus-exporter, glow, ip-masq-agent, clickhouse-operator, grafana-rollout-operator, nri-rabbitmq, terraform, ko, kube-logging-operator, ipfs-cluster, nats-server-config-reloader, apm-server,...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: helm-push, zot, helm-operator, src, traefik, dapr, k8sgateway, nginx-prometheus-exporter, glow, ip-masq-agent, clickhouse-operator, grafana-rollout-operator, nri-rabbitmq, terraform, ko, kube-logging-operator, ipfs-cluster, nats-server-config-reloader, apm-server,...
CVE-2025-0712
CVE-2025-0712 concerns Elastic APM Server on Windows and its installer. A local attacker could exploit an uncontrolled search path element caused by insecure directory permissions during Windows installer usage, enabling local privilege escalation to SYSTEM. Affected: APM Server Windows installer...
CVE-2025-0712 APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer
An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files,...
APM Server (Windows Installer) 8.16.3, 8.17.1 Security Update (ESA-2025-01)
APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer (ESA-2025-01). An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improp...
CVE-2024-11994
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs...
CVE-2024-11994
CVE-2024-11994 affects Elastic APM Server. A partially failed bulk index request can cause parts of the document body to be logged in APM Server error logs, potentially exposing sensitive information. Affected versions are Elastic APM Server prior to the fix; mitigation is to upgrade to version 8...
CVE-2024-11994 APM Server Insertion of Sensitive Information into Log File
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs...
PT-2025-18390 · Elastic · Apm Server
Name of the Vulnerable Software and Affected Versions: Elasticsearch APM Server (affected versions not specified). Description: The issue concerns the potential disclosure of sensitive information in APM Server error logs. This could happen when a bulk index request partially fails, causing parts of...
APM Server 8.14.0 Security Update (ESA-2024-09)
APM Server - Uncontrolled Resource Consumption through HTTP/2 endpoints - CVE-2023-45288 (ESA-2024-09). On April 4, 2024, the Go Project announced CVE-2023-45288, which can lead to CPU exhaustion as an attacker can cause an HTTP/2 endpoint to read arbitrary amounts of header data. In an on-prem...
GO-2024-3037 APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server
APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Insertion Of Sensitive Information Into Log File
github.com/elastic/apm-server is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the APM server logging the document body from a partially failed bulk index request, caused by the ES response line containing the document body and being logged on error...