Security Advisories

CVE-2024-37286

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-37286

CGA ID

CGA-g3h9-fv47-6r77

Severity

5.7

Medium

CVSS V3

Summary

APM Server vulnerable to Insertion of Sensitive Information into Log File

Description

APM Server logs contain the document body from a partially failed bulk index request. For example, when a specific document fails with unavailable_shards_exception, the ES response line for that document contains the document body, and because APM Server logs the ES response line on error, the document is effectively logged.
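One way to log a partially failed bulk request without echoing the response line, shown as an added example that is not APM Server's code or its actual fix. The function name `SafeFailureLines`, the sample response and the email address in it are constructed, and the example assumes the usual bulk response shape (`items[].<action>.error.type` and `error.reason`).

```go
package main

import (
	"encoding/json"
	"fmt"
)

// bulkResponse decodes only fields that are safe to log. error.reason is
// deliberately not decoded, since it can embed the document source.
type bulkResponse struct {
	Items []map[string]struct {
		Index  string `json:"_index"`
		Status int    `json:"status"`
		Error  *struct {
			Type string `json:"type"`
		} `json:"error"`
	} `json:"items"`
}

// sampleResponse is constructed: one indexed item, one failed item whose
// error.reason carries the document body.
const sampleResponse = `{"took":3,"errors":true,"items":[
 {"create":{"_index":"traces-apm-default","status":201}},
 {"create":{"_index":"traces-apm-default","status":503,"error":{
  "type":"unavailable_shards_exception",
  "reason":"primary shard is not active, source[{\"user.email\":\"alice@example.test\"}]"}}}]}`

// SafeFailureLines returns one log line per failed bulk item, built from
// allowlisted fields only and quoted with %q so values cannot break the line.
func SafeFailureLines(body []byte) ([]string, error) {
	var resp bulkResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		// Do not include the body or the decoder error: both may quote it.
		return nil, fmt.Errorf("undecodable bulk response (%d bytes)", len(body))
	}
	var lines []string
	for i, item := range resp.Items {
		for action, r := range item {
			if r.Error != nil {
				lines = append(lines, fmt.Sprintf(
					"bulk item %d failed: action=%q index=%q status=%d error.type=%q",
					i, action, r.Index, r.Status, r.Error.Type))
			}
		}
	}
	return lines, nil
}

func main() {
	fmt.Println(SafeFailureLines([]byte(sampleResponse)))
}
```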

References

  • https://images.chainguard.dev/security/CGA-g3h9-fv47-6r77

Affected packages

