Information disclosure in Elastic Fleet Server
CVE-2024-52975
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
Vulnerability class: Information Disclosure
EPSS: 0.003 (18.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Elastic Fleet Server — versions 8.13.0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2024-52975?
- CVE-2024-52975 is a critical-severity vulnerability in Elastic Fleet Server, classified under Information Disclosure. CVSS score: 9.0/10. Published 2025-01-23.
- How severe is CVE-2024-52975?
- Critical severity. CVSS v3 base score is 9.0 out of 10.