An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

Affected Packages

Go github.com/elastic/apm-server

Affected versions: 0 (fixed in 8.12.1)

Related CVEs

CVE-2024-23448

Key Information

GHSA ID

GHSA-8r33-q5j5-rh7g

Published

February 8, 2024 12:32 AM

Last Modified

November 18, 2024 4:26 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/elastic/apm-server

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.