CVE-2024-37286 Information

Description

APM server logs contain document body from a partially failed bulk index request. For example in case of unavailable_shards_exception for a specific document since the ES response line contains the document body and that APM server logs the ES response line on error the document is effectively logged.

Reference

https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289