- EPSS 0.01%
- Published 30.07.2025 00:12:43
- Last modified 31.07.2025 18:42:37
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit thi...
CVE-2024-11994
- EPSS 0.02%
- Published 01.05.2025 13:06:54
- Last modified 02.05.2025 13:53:20
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
CVE-2024-37286
- EPSS 0.32%
- Published 03.08.2024 16:15:49
- Last modified 11.09.2024 20:20:34
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES res...
CVE-2024-23448
- EPSS 0.32%
- Published 07.02.2024 22:15:09
- Last modified 21.11.2024 08:57:43
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document th...
CVE-2023-31421
- EPSS 0.09%
- Published 26.10.2023 04:15:16
- Last modified 21.11.2024 08:01:49
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More...