- EPSS 0.01%
- Published 30.07.2025 00:12:43
- Last modified 31.07.2025 18:42:37
An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit thi...
CVE-2024-11994
- EPSS 0.02%
- Published 01.05.2025 13:06:54
- Last modified 02.05.2025 13:53:20
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
CVE-2024-37286
- EPSS 0.32%
- Published 03.08.2024 16:15:49
- Last modified 11.09.2024 20:20:34
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES res...
CVE-2024-23448
- EPSS 0.32%
- Published 07.02.2024 22:15:09
- Last modified 21.11.2024 08:57:43
An issue was discovered whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing the document failed, and that response would contain parts of the original document. Depending on the nature of the document th...
CVE-2023-31421
- EPSS 0.09%
- Published 26.10.2023 04:15:16
- Last modified 21.11.2024 08:01:49
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More...