Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-37283

Aug. 12, 2024, 1:41 p.m.

Tags

CWE-532
bressers@elastic.co
2024-08-12
CVE-2024-37283

Product(s) Impacted

Elastic Agent

Description

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.

Weaknesses

CWE-532
Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

CWE ID: 532

Date

Published: Aug. 12, 2024, 1:38 p.m.

Last Modified: Aug. 12, 2024, 1:41 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

bressers@elastic.co

References

https://discuss.elastic.co/ bressers@elastic.co