CVE-2021-22143

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668	Vendor Advisory
https://www.elastic.co/community/security	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:apm_.net_agent:*:*:*:*:*:*:*:*

History

30 Nov 2023, 18:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elastic:apm_.net_agent::::::::
CWE		CWE-532
First Time		Elastic apm .net Agent Elastic
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
References	~~() https://www.elastic.co/community/security -~~	() https://www.elastic.co/community/security - Vendor Advisory
References	~~() https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668 -~~	() https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668 - Vendor Advisory

22 Nov 2023, 03:36

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-22 02:15

Updated : 2023-12-10 15:26

NVD link : CVE-2021-22143

Mitre link : CVE-2021-22143

CVE.ORG link : CVE-2021-22143

JSON object : View

Products Affected

elastic

apm_.net_agent

CWE

CWE-532

Insertion of Sensitive Information into Log File

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-22143", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.7}]}, "published": "2023-11-22T02:15:41.860", "references": [{"url": "https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent."}, {"lang": "es", "value": "Elastic APM .NET Agent puede filtrar informaci\u00f3n confidencial del encabezado HTTP al registrar los detalles durante un error de la aplicaci\u00f3n. Normalmente, el agente de APM sanitizar\u00e1 los detalles confidenciales del encabezado HTTP antes de enviar la informaci\u00f3n al servidor de APM. Durante un error de aplicaci\u00f3n, es posible que los encabezados no se saniticen antes de enviarlos."}], "lastModified": "2023-11-30T18:33:39.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:apm_.net_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09686D38-9240-4B82-8117-54E74CA49760", "versionEndExcluding": "1.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}