CVE-2024-52975
Published: 23 January 2025
Description
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
Security Summary
CVE-2024-52975 is a vulnerability in Fleet Server, part of the Elastic Stack, where Fleet policies containing sensitive information are logged at INFO and ERROR log levels. The nature of the sensitive information varies based on enabled integrations. This issue corresponds to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and was published on 2025-01-23 with a CVSS v3.1 base score of 9.0 (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
An attacker with low privileges (PR:L) and adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N). Exploitation consists of accessing the logs to retrieve sensitive data from Fleet policies. The vector rates the impact on confidentiality, integrity, and availability as high (C:H/I:H/A:H) with changed scope (S:C), meaning the exposed data can affect components beyond Fleet Server itself.
Elastic Security Advisory ESA-2024-31 addresses this issue via a security update for Fleet Server 8.15.0. Security practitioners should consult the advisory at https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522 for detailed mitigation steps and patching guidance.
Details
- CWE(s)