elastic

256 tracked vulnerabilities.

CVE-2024-12556 HIGH
Kibana 8.16.1-8.16.3 - Prototype Pollution and Code Injection via File Upload and Path Traversal
Apr 08, 2025
CVSS 8.7
EPSS 0.00
CVE-2024-52981 MEDIUM
Elasticsearch 7.17.0-7.17.23 - Denial of Service via Well-KnownText GeometryCollection Recursion
Apr 08, 2025
CVSS 4.9
EPSS 0.01
CVE-2024-52980 MEDIUM
Elasticsearch 7.17.0-8.15.0 - Denial of Service via PatternBank Recursion
Apr 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-52974 MEDIUM
Kibana 7.17.0-7.17.23 - Denial of Service via Observability API
Apr 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43708 MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Payload to UI Inputs
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-52975 CRITICAL
Elastic Fleet Server 8.13.0-8.14.2 - Sensitive Information Exposure via Log Files
Jan 23, 2025
CVSS 9.0
EPSS 0.00
CVE-2024-52972 MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Request to /api/metrics/snapshot
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43710 MEDIUM
Kibana 8.7.0-8.14.3 - Server-Side Request Forgery via Fleet Health Check API
Jan 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-43707 HIGH
Kibana 8.7.0-8.14.3 - Unauthorized Exposure of Elastic Agent Policy Information
Jan 23, 2025
CVSS 7.7
EPSS 0.00
CVE-2024-52973 MEDIUM
Kibana < 7.17.23 - Denial of Service via /api/log_entries/summary Request
Jan 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43709 MEDIUM
Elasticsearch 7.17.0-7.17.20 - Denial of Service via SQL Function Query
Jan 21, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-37284 MEDIUM
Elastic Defend < - Memory Corruption
Jan 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-12539 MEDIUM
Elasticsearch 8.16.0-8.16.1 - Incorrect Authorization Bypass of Document Level Security
Dec 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37285 CRITICAL
Kibana 8.10.0-8.14.2 - Authenticated Remote Code Execution via YAML Deserialization
Nov 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-37288 CRITICAL
Kibana - Remote Code Execution via YAML Deserialization in AI Tools Amazon Bedrock Connector
Sep 09, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-37287 CRITICAL
Kibana 7.7.0-7.17.23 - Authenticated Remote Code Execution via Prototype Pollution in ML and Alerting Connector Features
Aug 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-37283 MEDIUM
Elastic Agent 8.6.0-8.14.2 - Sensitive Information Disclosure in Debug Logs
Aug 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-37286 MEDIUM
APM Server < 8.14.0 - Sensitive Information Disclosure in Error Logs
Aug 03, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-23444 MEDIUM
Elasticsearch 7.0.0-7.17.22 & 8.0.0-alpha1-8.12.4 - Unencrypted Private Key Storage
Jul 31, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-37281 MEDIUM
Kibana 7.0.0-7.17.23 - Denial of Service via Maliciously Crafted Requests
Jul 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37282 HIGH
Elastic Cloud Enterprise 3.0.0-3.7.1 - Improper Authorization via API Key Privilege Escalation
Jun 28, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-23443 MEDIUM
Kibana 7.0.0-7.17.22 - Authenticated Denial of Service via Malicious Osquery Pack Upload
Jun 19, 2024
CVSS 4.9
EPSS 0.02
CVE-2024-23442 MEDIUM
Kibana < 7.17.22 - Open Redirect via Maliciously Crafted URL
Jun 14, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37280 MEDIUM
Elasticsearch 8.13.1-8.13.9 - Denial of Service via Passthrough Field Mapping
Jun 13, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-37279 MEDIUM
Kibana 8.6.3-8.13.0 - Authenticated Denial of Service via Alerting Rule Run Soon API
Jun 13, 2024
CVSS 4.3
EPSS 0.00