Information disclosure in Elastic Fleet Server

CVE-2024-52975

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.

Vulnerability class: Information Disclosure

EPSS: 0.003 (18.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-52975?
CVE-2024-52975 is a critical-severity vulnerability in Elastic Fleet Server, classified under Information Disclosure. CVSS score: 9.0/10. Published 2025-01-23.
How severe is CVE-2024-52975?
Critical severity. CVSS v3 base score is 9.0 out of 10.