exploitDog

CVE-2024-37283

Опубликовано: 12 авг. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.

Ссылки

https://discuss.elastic.co/t/elastic-agent-8-15-0-security-update-esa-2024-23/364635
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*

Версия от 8.6.0 (включая) до 8.15.0 (исключая)

EPSS

Процентиль: 58%

0.00372

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

GHSA-9mq7-8hm8-q3mp

CVSS3: 6.5

github

больше 1 года назад

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.

EPSS

Процентиль: 58%

0.00372

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-532