An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Fri, 09 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.
Title Elastic Agent Insertion of Sensitive Information into Log File
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 6.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published:

Updated: 2024-08-09T15:34:02.839Z

Reserved: 2024-06-05T14:21:14.942Z

Link: CVE-2024-37283

cve-icon Vulnrichment

Updated: 2024-08-09T15:33:55.763Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-12T13:38:23.093

Modified: 2025-09-29T14:06:40.593

Link: CVE-2024-37283

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:01:10Z