elastic

256 tracked vulnerabilities.

CVE-2024-23445 MEDIUM
Elasticsearch 8.10.0-8.13.4 - Sensitive Information Exposure via Cross-Cluster API Key Search Restriction Bypass
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23449 MEDIUM
Elasticsearch >= 8.4.0 < 8.11.1 - Info Disclosure
Mar 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-23451 MEDIUM
Elasticsearch 8.10.0-8.12.2 - Incorrect Authorization in Remote Cluster Security API Key Model
Mar 27, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-23450 MEDIUM
Elasticsearch 7.0.0-7.17.18 - Denial of Service via Deeply Nested Ingest Pipeline
Mar 27, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-23448 MEDIUM
APM Server < 8.12.1 - Sensitive Information Exposure via Error Logs
Feb 07, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-23447 MEDIUM
Elastic Network Drive Connector < 8.12.1 - Improper Access Control via Document Level Security
Feb 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-23446 MEDIUM
Kibana 8.0.0-8.12.0 - Improper Access Control in Detection Engine Search API
Feb 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-46669 MEDIUM
Elastic Agent/Elastic Security Endpoint - Info Disclosure
May 01, 2025
CVSS 6.2
EPSS 0.00
CVE-2023-49921 MEDIUM
Elasticsearch 7.0.0-7.17.15 - Sensitive Information Disclosure in Watcher Search Input Debug Logging
Jul 26, 2024
CVSS 5.2
EPSS 0.00
CVE-2023-46675 HIGH
Elastic Kibana <8.11.2 - Info Disclosure
Dec 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-46671 HIGH
Kibana 8.0.0-8.11.0 - Sensitive Information Disclosure in Error Logs
Dec 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-6687 MEDIUM
Elastic Agent 7.0.0-7.17.16 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-49922 MEDIUM
Elastic Beats 7.0.0-7.17.15 and 8.0.0-8.11.2 - Sensitive Information Disclosure in Log Files
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-49923 MEDIUM
Elastic Enterprise Search 7.0.0-7.17.16 - Sensitive Information Disclosure in App Search Documents API Logs
Dec 12, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-46674 MEDIUM
Elasticsearch < 7.17.11 - Authenticated Remote Code Execution via Unsafe Java Deserialization
Dec 05, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-46673 MEDIUM
Elasticsearch 7.0.0-7.17.14 - Denial of Service via Malformed Script in Ingest Pipeline
Nov 22, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46672 HIGH
Logstash 8.10.0-8.11.0 - Sensitive Information Disclosure in JSON Logs
Nov 15, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-31416 MEDIUM
Elastic Cloud on Kubernetes < 2.8 - Unauthenticated Exposure of Sensitive Information via APM Server
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31419 MEDIUM
Elasticsearch 7.0.0-7.17.12 - Denial of Service via _search API Query String
Oct 26, 2023
CVSS 6.5
EPSS 0.61
CVE-2023-31418 HIGH
Elasticsearch < 7.17.13 - Unauthenticated Denial of Service via Malformed HTTP Requests
Oct 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31417 MEDIUM
Elasticsearch 7.0.0-7.17.12 - Sensitive Information Exposure in Audit Logs via Deprecated API URIs
Oct 26, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-46666 MEDIUM
Elastic Sharepoint Online Python Connector - Info Disclosure
Oct 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-31421 MEDIUM
Beats/Elastic Agent/APM Server/Fleet Server - SSL Validation
Oct 26, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-31422 CRITICAL
Elastic Kibana <8.10.1 - Info Disclosure
Oct 26, 2023
CVSS 9.0
EPSS 0.01
CVE-2023-46667 HIGH
Fleet Server <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 8.1
EPSS 0.00