Published: 03 Aug 2024
Source: github
Github: Reviewed
CVSS4: 6.9
CVSS3: 5.7
Description
APM Server vulnerable to Insertion of Sensitive Information into Log File
APM Server logs contain the document body from a partially failed bulk index request. For example, in the case of an unavailable_shards_exception for a specific document, the ES response line contains the document body, and because APM Server logs the ES response line on error, the document is effectively logged.
Packages
Name: github.com/elastic/apm-server (go)
Affected versions: < 8.14.0
Fixed version: 8.14.0
Related vulnerabilities
CVSS3: 5.7
nvd
more than 1 year ago
APM Server logs contain the document body from a partially failed bulk index request. For example, in the case of an unavailable_shards_exception for a specific document, the ES response line contains the document body, and because APM Server logs the ES response line on error, the document is effectively logged.