PT-2024-10386 · Unknown · Fleet Server
Published: 2024-11-18 · Updated: 2025-01-27 · CVE-2024-52975
CVSS v3.1: 9.0 (Critical)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fleet Server. Affected versions are not explicitly specified in the available descriptions; the issue is identified only as affecting Fleet Server.
Description: An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged at the INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
Recommendations: Since specific affected versions of Fleet Server are not provided, the general recommendation based on the available data is to update Fleet Server to the latest version so that any potential security issues, including the logging of sensitive information, are addressed. For precise guidance, refer to the official Elastic Fleet Server security updates and announcements, such as the Fleet Server 8.15.0 Security Update (ESA-2024-31), which may provide specific instructions for mitigating the identified issue.

Status: Fix

Weakness Enumeration

Improper Access Control
Incorrect Privilege Assignment
Information Disclosure

Related Identifiers

BDU:2025-00895
CVE-2024-52975

Affected Products

Fleet Server