CVE-2024-11994 | THREATINT

Description

APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.

PUBLISHED Reserved 2024-11-29 | Published 2025-05-01 | Updated 2025-05-01 | Assigner elastic

MEDIUM: 5.7CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

8.0.0 (semver) before 8.16.1

affected

References

discuss.elastic.co/...6-1-security-update-esa-2024-41/377710

cve.org (CVE-2024-11994)

nvd.nist.gov (CVE-2024-11994)

Download JSON