elastic
256 tracked vulnerabilities.
CVE-2024-23445
MEDIUM
Elasticsearch 8.10.0-8.13.4 - Sensitive Information Exposure via Cross-Cluster API Key Search Restriction Bypass
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23449
MEDIUM
Elasticsearch >= 8.4.0 < 8.11.1 - Info Disclosure
Mar 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-23451
MEDIUM
Elasticsearch 8.10.0-8.12.2 - Incorrect Authorization in Remote Cluster Security API Key Model
Mar 27, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-23450
MEDIUM
Elasticsearch 7.0.0-7.17.18 - Denial of Service via Deeply Nested Ingest Pipeline
Mar 27, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-23448
MEDIUM
APM Server < 8.12.1 - Sensitive Information Exposure via Error Logs
Feb 07, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-23447
MEDIUM
Elastic Network Drive Connector < 8.12.1 - Improper Access Control via Document Level Security
Feb 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-23446
MEDIUM
Kibana 8.0.0-8.12.0 - Improper Access Control in Detection Engine Search API
Feb 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-46669
MEDIUM
Elastic Agent/Elastic Security Endpoint - Info Disclosure
May 01, 2025
CVSS 6.2
EPSS 0.00
CVE-2023-49921
MEDIUM
Elasticsearch 7.0.0-7.17.15 - Sensitive Information Disclosure in Watcher Search Input Debug Logging
Jul 26, 2024
CVSS 5.2
EPSS 0.00
CVE-2023-46675
HIGH
Elastic Kibana <8.11.2 - Info Disclosure
Dec 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-46671
HIGH
Kibana 8.0.0-8.11.0 - Sensitive Information Disclosure in Error Logs
Dec 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-6687
MEDIUM
Elastic Agent 7.0.0-7.17.16 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-49922
MEDIUM
Elastic Beats 7.0.0-7.17.15 and 8.0.0-8.11.2 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-49923
MEDIUM
Elastic Enterprise Search 7.0.0-7.17.16 - Sensitive Information Disclosure in App Search Documents API Logs
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-46674
MEDIUM
Elasticsearch < 7.17.11 - Authenticated Remote Code Execution via Unsafe Java Deserialization
Dec 05, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-46673
MEDIUM
Elasticsearch 7.0.0-7.17.14 - Denial of Service via Malformed Script in Ingest Pipeline
Nov 22, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46672
HIGH
Logstash 8.10.0-8.11.0 - Sensitive Information Disclosure in JSON Logs
Nov 15, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-31416
MEDIUM
Elastic Cloud on Kubernetes < 2.8 - Unauthenticated Exposure of Sensitive Information via APM Server
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31419
MEDIUM
Elasticsearch 7.0.0-7.17.12 - Denial of Service via _search API Query String
Oct 26, 2023
CVSS 6.5
EPSS 0.61
CVE-2023-31418
HIGH
Elasticsearch < 7.17.13 - Unauthenticated Denial of Service via Malformed HTTP Requests
Oct 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31417
MEDIUM
Elasticsearch 7.0.0-7.17.12 - Sensitive Information Exposure in Audit Logs via Deprecated API URIs
Oct 26, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-46666
MEDIUM
Elastic Sharepoint Online Python Connector - Info Disclosure
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31421
MEDIUM
Beats/Elastic Agent/APM Server/Fleet Server - SSL Validation
Oct 26, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-31422
CRITICAL
Elastic Kibana <8.10.1 - Info Disclosure
Oct 26, 2023
CVSS 9.0
EPSS 0.01
CVE-2023-46667
HIGH
Fleet Server <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 8.1
EPSS 0.00
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters