3 matches found
GHSA-F6CJ-4H3G-HWQ4 APM Server vulnerable to Insertion of Sensitive Information into Log File
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively...
CVE-2024-37286
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively...
CVE-2024-37286
The CVE-2024-37286 issue affects the Elastic APM Server (github.com/elastic/apm-server). The root cause is that during a partially failed bulk index, the ES response line can include the document body, which the APM server then logs on error, potentially exposing sensitive information. Several co...