elastic

237 tracked vulnerabilities.

CVE-2024-37281 MEDIUM
Kibana 7.0.0-7.17.23 - Denial of Service via Maliciously Crafted Requests
Jul 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37282 HIGH
Elastic Cloud Enterprise 3.0.0-3.7.1 - Improper Authorization via API Key Privilege Escalation
Jun 28, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-23443 MEDIUM
Kibana 7.0.0-7.17.22 - Authenticated Denial of Service via Malicious Osquery Pack Upload
Jun 19, 2024
CVSS 4.9
EPSS 0.05
CVE-2024-23442 MEDIUM
Kibana < 7.17.22 - Open Redirect via Maliciously Crafted URL
Jun 14, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37280 MEDIUM
Elasticsearch 8.13.1-8.13.9 - Denial of Service via Passthrough Field Mapping
Jun 13, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-37279 MEDIUM
Kibana 8.6.3-8.13.0 - Authenticated Denial of Service via Alerting Rule Run Soon API
Jun 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23445 MEDIUM
Elasticsearch 8.10.0-8.13.4 - Sensitive Information Exposure via Cross-Cluster API Key Search Restriction Bypass
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23449 MEDIUM
Elasticsearch >= 8.4.0 < 8.11.1 - Info Disclosure
Mar 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23451 MEDIUM
Elasticsearch 8.10.0-8.12.2 - Incorrect Authorization in Remote Cluster Security API Key Model
Mar 27, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-23450 MEDIUM
Elasticsearch 7.0.0-7.17.18 - Denial of Service via Deeply Nested Ingest Pipeline
Mar 27, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-23448 MEDIUM
APM Server < 8.12.1 - Sensitive Information Exposure via Error Logs
Feb 07, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-23447 MEDIUM
Elastic Network Drive Connector < 8.12.1 - Improper Access Control via Document Level Security
Feb 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-23446 MEDIUM
Kibana 8.0.0-8.12.0 - Improper Access Control in Detection Engine Search API
Feb 07, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-46669 MEDIUM
Elastic Agent/Elastic Security Endpoint - Info Disclosure
May 01, 2025
CVSS 6.2
EPSS 0.00
CVE-2023-49921 MEDIUM
Elasticsearch 7.0.0-7.17.15 - Sensitive Information Disclosure in Watcher Search Input Debug Logging
Jul 26, 2024
CVSS 5.2
EPSS 0.01
CVE-2023-46675 HIGH
Elastic Kibana <8.11.2 - Info Disclosure
Dec 13, 2023
CVSS 8.0
EPSS 0.00
CVE-2023-46671 HIGH
Kibana 8.0.0-8.11.0 - Sensitive Information Disclosure in Error Logs
Dec 13, 2023
CVSS 8.0
EPSS 0.00
CVE-2023-6687 MEDIUM
Elastic Agent 7.0.0-7.17.16 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-49922 MEDIUM
Elastic Beats 7.0.0-7.17.15 and 8.0.0-8.11.2 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-49923 MEDIUM
Elastic Enterprise Search 7.0.0-7.17.16 - Sensitive Information Disclosure in App Search Documents API Logs
Dec 12, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-46674 MEDIUM
Elasticsearch < 7.17.11 - Authenticated Remote Code Execution via Unsafe Java Deserialization
Dec 05, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-46673 MEDIUM
Elasticsearch 7.0.0-7.17.14 - Denial of Service via Malformed Script in Ingest Pipeline
Nov 22, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-46672 HIGH
Logstash 8.10.0-8.11.0 - Sensitive Information Disclosure in JSON Logs
Nov 15, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-31416 MEDIUM
Elastic Cloud on Kubernetes < 2.8 - Unauthenticated Exposure of Sensitive Information via APM Server
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31419 MEDIUM
Elasticsearch 7.0.0-7.17.12 - Denial of Service via _search API Query String
Oct 26, 2023
CVSS 6.5
EPSS 0.39
Products
kibana 103 elasticsearch 47 Kibana 18 logstash 13 elastic_cloud_enterprise 9 x-pack 9 beats 7 Elastic X-Pack Security 6 elastic_agent 5 endpoint_security 5 enterprise_search 5 Logstash 4 Packetbeat 3 apm_agent 3 apm_server 3 APM Server 2 Elastic Defend 2 X-Pack Security 2 apm-server 2 elastic_app_search 2 elastic_beats 2 elastic_cloud_on_kubernetes 2 elasticsearch_x-pack 2 endgame 2 filebeat 2 kibana_x-pack 2 logstash_x-pack 2 Beats 1 Elastic Cloud Enterprise 1 Elastic Package Registry 1
Quick Filters
Critical CVEs With Exploits In CISA KEV