CVE-2024-37286

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-03 16:15

Updated : 2024-09-11 20:20

NVD link : CVE-2024-37286

Mitre link : CVE-2024-37286

CVE.ORG link : CVE-2024-37286

JSON object : View

Products Affected

elastic

apm_server

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-37286", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-03T16:15:49.060", "references": [{"url": "https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged."}, {"lang": "es", "value": "Los registros del servidor APM contienen el cuerpo del documento de una solicitud de \u00edndice masivo parcialmente fallida. Por ejemplo, en caso de unavailable_shards_exception para un documento espec\u00edfico, dado que la l\u00ednea de respuesta de ES contiene el cuerpo del documento y el servidor APM registra la l\u00ednea de respuesta de ES en caso de error, el documento se registra efectivamente."}], "lastModified": "2024-09-11T20:20:34.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89FBC837-20A5-4B03-9A17-9BE29D5520D0", "versionEndExcluding": "8.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}