FKIE_CVE-2024-11994

Vulnerability from fkie_nvd - Published: 2025-05-01 14:15 - Updated: 2025-05-02 13:53
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
References
security@elastic.cohttps://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs."
    },
    {
      "lang": "es",
      "value": "Los registros del servidor APM podr\u00edan contener partes del cuerpo del documento de una solicitud de indexaci\u00f3n masiva parcialmente fallida. Dependiendo de la naturaleza del documento, esto podr\u00eda revelar informaci\u00f3n confidencial en los registros de errores del servidor APM."
    }
  ],
  "id": "CVE-2024-11994",
  "lastModified": "2025-05-02T13:53:20.943",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "security@elastic.co",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-01T14:15:35.093",
  "references": [
    {
      "source": "security@elastic.co",
      "url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.