CVE-2024-37286

APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*

History

11 Sep 2024, 20:20

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elastic:apm_server::::::::
First Time		Elastic apm Server Elastic
CVSS	v2 : ~~unknown~~ v3 : ~~5.7~~	v2 : unknown v3 : 6.5
References	~~() https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289 -~~	() https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289 - Vendor Advisory

05 Aug 2024, 12:41

Type	Values Removed	Values Added
Summary		(es) Los registros del servidor APM contienen el cuerpo del documento de una solicitud de índice masivo parcialmente fallida. Por ejemplo, en caso de unavailable_shards_exception para un documento específico, dado que la línea de respuesta de ES contiene el cuerpo del documento y el servidor APM registra la línea de respuesta de ES en caso de error, el documento se registra efectivamente.

03 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-03 16:15

Updated : 2024-09-11 20:20

NVD link : CVE-2024-37286

Mitre link : CVE-2024-37286

CVE.ORG link : CVE-2024-37286

JSON object : View

Products Affected

elastic

apm_server

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-37286", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-08-03T16:15:49.060", "references": [{"url": "https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged."}, {"lang": "es", "value": "Los registros del servidor APM contienen el cuerpo del documento de una solicitud de \u00edndice masivo parcialmente fallida. Por ejemplo, en caso de unavailable_shards_exception para un documento espec\u00edfico, dado que la l\u00ednea de respuesta de ES contiene el cuerpo del documento y el servidor APM registra la l\u00ednea de respuesta de ES en caso de error, el documento se registra efectivamente."}], "lastModified": "2024-09-11T20:20:34.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89FBC837-20A5-4B03-9A17-9BE29D5520D0", "versionEndExcluding": "8.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}