elastic
237 tracked vulnerabilities.
CVE-2023-31418
HIGH
Elasticsearch < 7.17.13 - Unauthenticated Denial of Service via Malformed HTTP Requests
Oct 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31417
MEDIUM
Elasticsearch 7.0.0-7.17.12 - Sensitive Information Exposure in Audit Logs via Deprecated API URIs
Oct 26, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-46666
MEDIUM
Elastic Sharepoint Online Python Connector - Info Disclosure
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31421
MEDIUM
Beats/Elastic Agent/APM Server/Fleet Server - SSL Validation
Oct 26, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-31422
CRITICAL
Elastic Kibana <8.10.1 - Info Disclosure
Oct 26, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-46667
HIGH
Fleet Server <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-46668
MEDIUM
Elastic Endpoint <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 4.6
EPSS 0.00
CVE-2023-31415
HIGH
Kibana 8.7.0 - Authenticated Remote Code Execution via Uptime/Synthetics Feature
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31414
HIGH
Kibana 8.0.0-8.7.0 - Authenticated Remote Code Execution via YAML or ENV Configuration
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31413
LOW
Filebeat <= 7.17.9 and 8.6.2 - Sensitive Information Disclosure in HTTPJSON Input Debug Logs
May 04, 2023
CVSS 3.3
EPSS 0.00
CVE-2022-38779
MEDIUM
Kibana 7.0.0-7.17.9 - Open Redirect via Malicious URL
Feb 22, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-38778
MEDIUM
decode-uri-component < 0.2.1 - Denial of Service via Improper Input Validation
Feb 08, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-38777
HIGH
Elastic Endpoint Security - Privilege Escalation
Feb 08, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38775
HIGH
Elastic Endpoint Security for Windows - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38774
HIGH
Elastic Endpoint Security/Elastic Endgame - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-23716
MEDIUM
Elastic Cloud Enterprise < 3.1.1 - Sensitive Information Disclosure in Deployment Logs
Sep 28, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23715
MEDIUM
Elastic Cloud Enterprise < 3.4.0 - Sensitive Information Disclosure in Logs via PATCH APIs
Aug 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-23714
HIGH
Elastic Endpoint Security 7.13.0-7.17.3 - Local Privilege Escalation via Ransomware Canaries Feature
Jul 06, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-23713
MEDIUM
Kibana 7.0.0-7.17.4 - Stored Cross-Site Scripting in Vega Charts Integration
Jul 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23712
HIGH
Elasticsearch 8.0.0-8.2.0 - Unauthenticated Denial of Service via Network Request
Jun 06, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-23711
MEDIUM
Kibana 7.2.1-7.17.2 - Unauthenticated Exposure of Sensitive Information in Page Source
Apr 21, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23710
MEDIUM
Kibana 7.15.0-7.16.9 - Stored Cross-Site Scripting in Data Preview Pane
Mar 03, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-23709
MEDIUM
Kibana 7.7.0-7.17.0 - Authenticated Alert Rule Modification via Uptime Feature
Mar 03, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23708
MEDIUM
Elasticsearch 7.17.0 - Authenticated Security Index Access Control Bypass via Upgrade Assistant
Mar 03, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23707
MEDIUM
Kibana 7.5.1-7.16.3 - Authenticated Stored Cross-Site Scripting in Index Patterns
Feb 11, 2022
CVSS 5.4
EPSS 0.00
Products
kibana 103
elasticsearch 47
Kibana 18
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
elastic_agent 5
endpoint_security 5
enterprise_search 5
Logstash 4
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Elastic Defend 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
kibana_x-pack 2
logstash_x-pack 2
Beats 1
Elastic Cloud Enterprise 1
Elastic Package Registry 1
Quick Filters