Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2024-23448

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Published: Feb 7, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-23448
GHSA: GHSA-8r33-q5j5-rh7g
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.7
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
elastic / apm_server	-	8.12.1
github.com/elastic/apm-server	-	8.12.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo