Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
APM Server Insertion of Sensitive Information into Log File
Vulnerability Description
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic APM 日志信息泄露漏洞
Vulnerability Description
Elastic APM是荷兰Elastic公司的用于监控和分析应用程序性能的平台。 Elastic APM Server 8.12.1之前版本存在日志信息泄露漏洞,该漏洞源于可能会导致在日志中插入敏感或私人信息。
CVSS Information
N/A
Vulnerability Type
N/A