Elastic APM Server 8.x < 8.16.1 Information Disclosure (ESA-2024-41)

The version of Elastic APM Server installed on the remote host is 8.x prior to 8.16.1. It is, therefore, affected by an information disclosure vulnerability: - APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the...

EUVD-2021-1171

Malware in sbrugna...

EUVD-2019-0048

Malware in sbrugna...

EUVD-2022-2113

Malicious code in bioql PyPI...

EUVD-2023-2978

Malicious code in bioql PyPI...

CVE-2019-7615

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'servercacert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the...

Elastic APM Server 安全漏洞

Elastic APM Server is a lightweight Agent from the Dutch company Elastic. A security vulnerability exists in Elastic APM Server versions prior to 8.14.0, which stems from the server recording error logs that inadvertently record sensitive information, leading to a data leak...

Malicious code in Be.Vlaanderen.Basisregіsters.OpenTеlemetrу.Elаstic.Apm (NuGet)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-4074 Malicious code in Be.Vlaanderen.Basisregіsters.OpenTеlemetrу.Elаstic.Apm (NuGet)

--- -= Per source details. Do not edit below this line.=-...

The vulnerability of the server-based software for monitoring and analyzing application performance, Elastic APM Server, arises from the ability to disclose information through registration files, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of the server-based software for monitoring and analyzing application performance, Elastic APM Server, is related to the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to compromise the confidentiality of the protected...

Vulnerabilities include agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, server software for managing agents in Elastic Fleet Server. Issues also involve errors in the TLS certificate validation process, allowing attackers to establish connections with invalid server certificates.

The vulnerability affects agents for data collection and delivery in Elasticsearch or Logstash Elastic Beats, agents for collecting metrics in Elastic Agent, server software for monitoring and analyzing application performance in Elastic APM Server, and server software for managing agents in...

Exposure of Sensitive Information in Elastic APM .NET Agent

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

GHSA-HX93-GC73-5RPR Exposure of Sensitive Information in Elastic APM .NET Agent

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure when logging details during an application error. An attacker can leak sensitive HTTP header information by triggering an application error. This is only exploitable if the headers are not sanitized before being sen...

CVE-2021-22143

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

CVE-2021-22143 Elastic APM .NET Agent information disclosure

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

CVE-2021-22143

CVE-2021-22143 affects the Elastic APM .NET Agent, where sensitive HTTP header information can be leaked when logging errors because headers may not be sanitized before being sent to the APM server. This vulnerability concerns the Elastic APM .NET Agent components involved in error logging and he...

CVE-2021-22143 Elastic APM .NET Agent information disclosure

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

PT-2023-12039 · Elastic · Apm .Net Agent

Name of the Vulnerable Software and Affected Versions: Elastic APM .NET Agent affected versions not specified Description: The issue concerns the Elastic APM .NET Agent leaking sensitive HTTP header information when logging application error details. Normally, the agent sanitizes sensitive HTTP...

Malicious code in elastic-apm-rum (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3134e83247b4ff3e676cf0dd4b3378ca1bf9f4ff0adfee2583b6745d70adaca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...