cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37283,https://securityvulnerability.io/vulnerability/CVE-2024-37283,Elastic Agent Leaks Secrets When Debug Logging Enabled,"An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.",Elastic,Elastic Agent,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2023-6687,https://securityvulnerability.io/vulnerability/CVE-2023-6687,Elastic Agent Insertion of Sensitive Information into Log File,"An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default.",Elastic,Elastic Agent,6.8,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-12T19:15:00.000Z,0
CVE-2021-37942,https://securityvulnerability.io/vulnerability/CVE-2021-37942,APM Java Agent Local Privilege Escalation,"A local privilege escalation vulnerability exists in the APM Java Agent, where an attacker on the system may attach a malicious plugin to applications utilizing the agent. This flaw allows the execution of code with escalated permissions, potentially leading to unauthorized access to sensitive data and system configuration.",Elastic,Elastic Apm Java Agent,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-22T01:33:48.984Z,0
CVE-2021-22143,https://securityvulnerability.io/vulnerability/CVE-2021-22143,Elastic APM .NET Agent information disclosure,"The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.",Elastic,Elastic Apm .net Agent,2.1,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-22T01:21:58.888Z,0
CVE-2023-31421,https://securityvulnerability.io/vulnerability/CVE-2023-31421,"Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue","A vulnerability has been identified in which Beats, Elastic Agent, APM Server, and Fleet Server do not adequately verify server certificates when connecting to target IP addresses. While the signature of the certificate is checked, the validation process fails to confirm the server certificate's IP Subject Alternative Name (SAN) values against the actual IP being targeted. This lapse means that if configured to connect via an IP address instead of a hostname, the expected security checks are bypassed, potentially allowing unauthorized access.",Elastic,"Beats,Elastic Agent,APM Server,Fleet Server",7.5,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2023-10-26T04:15:00.000Z,0
CVE-2021-22133,https://securityvulnerability.io/vulnerability/CVE-2021-22133,Sensitive HTTP Header Leakage in Elastic APM Agent for Go,"The Elastic APM Agent for Go prior to version 1.11.0 is vulnerable to information leakage. In scenarios where the application experiences a panic, sensitive HTTP header information may be logged without proper sanitization. This flaw can lead to unauthorized disclosure of sensitive data that the APM agent typically protects. Ensuring your APM agent is updated to version 1.11.0 or later is crucial for maintaining data security.",Elastic,Elastic Apm Agent For Go,2.4,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-02-10T18:55:15.000Z,0
CVE-2019-7617,https://securityvulnerability.io/vulnerability/CVE-2019-7617,,"When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.",Elastic,Elastic Apm Agent For Python,7.2,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2019-08-22T16:12:10.000Z,0
CVE-2019-7615,https://securityvulnerability.io/vulnerability/CVE-2019-7615,,"A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.",Elastic,Elastic Apm Agent For Ruby,7.4,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2019-07-30T21:15:47.000Z,0