Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
APM Server Insertion of Sensitive Information into Log File
Vulnerability Description
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Elastic APM Server 安全漏洞
Vulnerability Description
Elastic APM Server是荷兰Elastic公司的一个轻量级的 Agent。 Elastic APM Server 8.14.0之前版本存在安全漏洞,该漏洞源于服务器记录错误日志时会无意中记录敏感信息,从而导致数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A