An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
History

Fri, 09 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
Title Elastic Agent Insertion of Sensitive Information into Log File
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 6.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2024-08-08T23:34:22.070Z

Updated: 2024-08-09T15:34:02.839Z

Reserved: 2024-06-05T14:21:14.942Z

Link: CVE-2024-37283

cve-icon Vulnrichment

Updated: 2024-08-09T15:33:55.763Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-12T13:38:23.093

Modified: 2024-08-12T13:41:36.517

Link: CVE-2024-37283

cve-icon Redhat

No data.