CVE-2021-22133 is a vulnerability in Elastic Apm Agent
Published on February 10, 2021
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2021-22133
Want to know whenever a new CVE is published for Elastic Apm Agent? stack.watch will email you.
Affected Versions
Elastic APM Agent for Go Version before 1.11.0 is affected by CVE-2021-22133Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.