- Description
- An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
- Source
- bressers@elastic.co
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- bressers@elastic.co
- CWE-200
- Hype score
- Not currently trending
🚨 CVE Alert: Critical Elastic Fleet Server Information Exposure Vulnerability🚨 Vulnerability Details: CVE-2024-52975 (CVSS 9.0/10) Elastic Fleet Server Information Exposure via Logs Vulnerability Impact A Successful exploit may lead to exposure of sensitive information to… ht
@CyberxtronTech
27 Jan 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-52975 (CVSS 9.0): Fleet Server Update Patches Critical Information Exposure Vulnerability https://t.co/AdFSotJOvQ
@Dinosn
27 Jan 2025
1799 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Elasticsearch社がElastic Agentの主要コンポーネントであるFleet Serverにおける重大(Critical)な脆弱性を修正。CVE-2024-52975はCVSSスコア9.0で、INFOやERRORのログレベルで機微情報が吐き出されるもの。出される情報は統合の状況に大きく依存。 https://t.co/IMokJkzp3e
@__kokumoto
27 Jan 2025
1117 Impressions
2 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-52975 An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sens… https://t.co/sVMaaSsjuC
@CVEnew
23 Jan 2025
442 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-52975: CRITICAL] Cyber security concern: Fleet Server logs sensitive data in INFO and ERROR logs, posing risks depending on integrations. #CyberSecurity #DataPrivacy#cybersecurity,#vulnerability https://t.co/232Ke4phe6 https://t.co/OPqErOX00m
@CveFindCom
23 Jan 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes