APM Server Insertion of Sensitive Information into Log File (ESA-2024-19)
APM Server logs can contain the body of documents from a partially failed bulk index request. For example, when Elasticsearch returns an unavailable_shards_exception for a specific document, the ES response line contains that document's body; because APM Server logs the ES response line on error, the document is effectively written to the log.
Affected Versions:
APM Server versions before 8.14.0
Solutions and Mitigations:
The issue is resolved in version 8.14.0.
Reviewing Logs for Sensitive Information
Users can search for instances of these logged documents and determine whether any sensitive information has been leaked into APM Server logs by searching for the following:
message: "unavailable_shards_exception"
and message: "source"
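The following is an added example, not part of the advisory or of APM Server itself, that applies the search above offline to a file of APM Server log lines and reports which document fields were exposed. The log lines and the shape of the logged Elasticsearch bulk response (an "error" object with type unavailable_shards_exception beside a "source" object holding the document body) are constructed for illustration and are an assumption about the log format; the substring match is an approximation of the KQL query. Field paths are reported rather than values so the review itself does not copy the leaked data elsewhere.

```python
import json


def _build_sample_log() -> str:
    """Constructed sample log lines (not real APM Server output).

    The embedded bulk-response item is an assumed shape modelled on the
    advisory's description: the error line echoes the document body.
    """
    es_item_leak = {
        "index": {
            "status": 503,
            "error": {
                "type": "unavailable_shards_exception",
                "reason": "[apm-traces][0] primary shard is not active",
            },
            # the echoed document body, i.e. what gets written to the log
            "source": {
                "user": {"name": "alice"},
                "http": {"request": {"headers": {"Cookie": "session=EXAMPLE"}}},
            },
        }
    }
    es_item_other = {
        "index": {"status": 429, "error": {"type": "es_rejected_execution_exception"}}
    }
    records = [
        {"log.level": "info", "message": "Connecting to Elasticsearch"},
        {"log.level": "error",
         "message": "failed to index document: " + json.dumps(es_item_leak)},
        {"log.level": "error",
         "message": "failed to index document: " + json.dumps(es_item_other)},
    ]
    return "\n".join(json.dumps(r) for r in records) + "\n"


SAMPLE_LOG = _build_sample_log()


def is_suspect(record: dict) -> bool:
    """Offline equivalent of the advisory's query: both strings in message."""
    msg = record.get("message", "")
    return "unavailable_shards_exception" in msg and "source" in msg


def extract_embedded_json(message: str):
    """Parse the first JSON object embedded in a free-text message, if any."""
    start = message.find("{")
    if start == -1:
        return None
    try:
        return json.loads(message[start:])
    except json.JSONDecodeError:
        return None


def find_source(obj):
    """Depth-first search for a 'source' object (the echoed document body)."""
    if isinstance(obj, dict):
        if isinstance(obj.get("source"), dict):
            return obj["source"]
        for value in obj.values():
            found = find_source(value)
            if found is not None:
                return found
    elif isinstance(obj, list):
        for value in obj:
            found = find_source(value)
            if found is not None:
                return found
    return None


def flatten_keys(obj, prefix: str = "") -> list:
    """Dotted key paths of a nested dict, so a reviewer sees which fields
    leaked without the review re-printing their values."""
    keys = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if isinstance(value, dict):
                keys.extend(flatten_keys(value, path))
            else:
                keys.append(path)
    return keys


def scan_log(text: str) -> list:
    """Return one finding per log line that matches the advisory's search."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = {"message": line}  # plain-text line: still searchable
        if not is_suspect(record):
            continue
        embedded = extract_embedded_json(record.get("message", ""))
        source = find_source(embedded) if embedded is not None else None
        findings.append({"line": lineno,
                         "leaked_fields": flatten_keys(source) if source else []})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"line {finding['line']}: fields exposed -> {finding['leaked_fields']}")
```

Run against a real APM Server log file by replacing SAMPLE_LOG with the file's contents; a non-empty result means the affected version wrote document bodies to the log, and the listed field paths show which data needs to be assessed and the log file handled accordingly.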
Severity: CVSSv3 5.7 (Medium) - AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE ID: CVE-2024-37286