Elastic Fleet Server Sensitive Information Exposure in Logs Vulnerability

Vulnerability

A vulnerability exists in Elastic Fleet Server versions from 8.13.0 up to, but not including, 8.15.0, where Fleet policies containing sensitive information could be inadvertently logged at INFO and ERROR levels. The type of sensitive information exposed varies based on the enabled integrations.

Impact

This vulnerability could lead to unauthorized exposure of sensitive information through application logs.

Remediation

Users are advised to upgrade to Elastic Fleet Server version 8.15.0.
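
To find which deployments still need the upgrade, the affected range above can be checked against an inventory of Fleet Server versions. The following is an added example, not code from Elastic or from this advisory; the inventory format, the host names and the "review" outcome for pre-release builds of 8.15.0 are assumptions made for illustration.

```python
import re

# Range taken from the advisory: 8.13.0 up to, but not including, 8.15.0.
AFFECTED_FROM = (8, 13, 0)
FIXED_IN = (8, 15, 0)

VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)

# Constructed sample inventory: "<host> <fleet-server version>" per line.
SAMPLE_INVENTORY = """\
# host fleet-server-version (constructed sample data)
fleet-a.example 8.12.2
fleet-b.example 8.13.0
fleet-c.example 8.14.3
fleet-d.example 8.15.0
fleet-e.example 8.15.0-SNAPSHOT
fleet-f.example unknown-build
"""


def classify(version_text):
    """Classify one version string against the advisory's affected range."""
    m = VERSION_RE.match(version_text.strip())
    if m is None:
        return "unknown"  # unparseable: needs a manual check
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if version < AFFECTED_FROM:
        return "not affected"
    if version < FIXED_IN:
        return "affected"
    # Assumption: a pre-release build of the fixed version may predate the fix.
    if version == FIXED_IN and m.group(4):
        return "review"
    return "fixed"


def triage(inventory_text):
    """Return {host: classification} for every two-column inventory line."""
    results = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and not parts[0].startswith("#"):
            results[parts[0]] = classify(parts[1])
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected" should also have their existing Fleet Server logs treated as potentially containing policy secrets, since upgrading does not remove what was already logged.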

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.