elastic

256 tracked vulnerabilities.

CVE-2017-8445 MEDIUM
Elastic X-Pack Security 5.0.0-5.5.1 - Improper Certificate Validation in TLS Trust Manager
Aug 18, 2017
CVSS 5.5
EPSS 0.00
CVE-2017-8442 MEDIUM
Elasticsearch X-Pack Security <5.4.3 - Info Disclosure
Jul 07, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-8443 MEDIUM
Kibana X-Pack Security < 5.4.3 - Unauthenticated Credential Exposure via Crafted Login URL
Jun 30, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-8452 HIGH
Kibana < 5.2.1 - Denial of Service via File Descriptor Leak
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-8451 MEDIUM
Kibana < 5.3.0 and Elastic X-Pack Security < 5.3.1 - Open Redirect via Login Page
Jun 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-8450 HIGH
Elastic X-Pack 5.1.1 - Unauthorized Exposure of Sensitive Information via Multi-Search and Multi-Get Requests
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-8449 MEDIUM
Elastic X-Pack Security 5.2.0-5.2.1 - Sensitive Information Exposure via FLS Rule Merging
Jun 16, 2017
CVSS 5.9
EPSS 0.01
CVE-2017-8441 MEDIUM
Elastic X-Pack Security < 5.4.1 and 5.3.3 - Unauthorized Data Access via Index Alias
Jun 05, 2017
CVSS 4.3
EPSS 0.01
CVE-2017-8440 MEDIUM
Kibana 5.3.0-5.3.3 and >=5.4.1 - Cross-Site Scripting in Discover Page
Jun 05, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-8439 MEDIUM
Kibana 5.4.0 - Cross-Site Scripting in Time Series Visual Builder
Jun 05, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-8438 HIGH
Elastic X-Pack Security 5.0.0-5.4.0 - Improper Privilege Management in run_as Functionality
Jun 05, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-10366 MEDIUM
Kibana 4.3-4.6.2 - Cross-Site Scripting
Jun 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-10365 MEDIUM
Kibana < 4.6.3 and < 5.0.1 - Open Redirect via Crafted Link
Jun 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-10364 MEDIUM
Kibana 5.0.0-5.0.1 - Authenticated Privilege Escalation via Advanced Settings and Short URL Service
Jun 16, 2017
CVSS 6.5
EPSS 0.01
CVE-2016-10363 HIGH
Logstash < 2.3.3 - Denial of Service via Netflow Codec Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-10362 MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 6.5
EPSS 0.01
CVE-2016-1000222 HIGH
Logstash < 2.1.1 - Argument Injection via CSV Output
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-1000221 HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-1000220 MEDIUM
Kibana 4.1.0-4.1.10 - Cross-Site Scripting
Jun 16, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-1000219 HIGH
Kibana <4.5.4, 4.1.11 - Info Disclosure
Jun 16, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-1000218 HIGH
Kibana Reporting 2.4.0 - Cross-Site Request Forgery
Jun 16, 2017
CVSS 8.8
EPSS 0.01
CVE-2015-5377 CRITICAL
Elasticsearch < 1.6.1 - Remote Code Execution via Transport Protocol
Mar 06, 2018
CVSS 9.8
EPSS 0.15
CVE-2015-5619 MEDIUM
Logstash <1.4.5-1.5.4 - Info Disclosure
Aug 09, 2017
CVSS 5.9
EPSS 0.01
CVE-2015-5378 HIGH
Logstash <1.5.3, <1.4.4 - Info Disclosure
Jun 27, 2017
CVSS 7.5
EPSS 0.02
CVE-2015-9056 MEDIUM
Kibana < 4.1.3 and 4.2.1 - Cross-Site Scripting
Jun 16, 2017
CVSS 6.1
EPSS 0.01