Elastic APM Server Sensitive Information Disclosure Vulnerability in Logs

Vulnerability

A vulnerability exists in Elastic APM Server versions greater than 8.0.0 and less than 8.16.1, where error logs may inadvertently include parts of the document body from bulk index requests that partially failed. This could lead to the unintentional disclosure of sensitive information, depending on the nature of the documents involved.

Impact

Exploitation of this vulnerability could result in the leakage of sensitive information into APM Server error logs.

Remediation

Users can upgrade to APM Server version 8.16.1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.