elastic
256 tracked vulnerabilities.
CVE-2023-46668
MEDIUM
Elastic Endpoint <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 4.6
EPSS 0.00
CVE-2023-31415
HIGH
Kibana 8.7.0 - Authenticated Remote Code Execution via Uptime/Synthetics Feature
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31414
HIGH
Kibana 8.0.0-8.7.0 - Authenticated Remote Code Execution via YAML or ENV Configuration
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31413
LOW
Filebeat <= 7.17.9 and 8.6.2 - Sensitive Information Disclosure in HTTPJSON Input Debug Logs
May 04, 2023
CVSS 3.3
EPSS 0.00
CVE-2022-38779
MEDIUM
Kibana 7.0.0-7.17.9 - Open Redirect via Malicious URL
Feb 22, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-38778
MEDIUM
decode-uri-component < 0.2.1 - Denial of Service via Improper Input Validation
Feb 08, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-38777
HIGH
Elastic Endpoint Security - Privilege Escalation
Feb 08, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38775
HIGH
Elastic Endpoint Security for Windows - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38774
HIGH
Elastic Endpoint Security/Elastic Endgame - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-23716
MEDIUM
Elastic Cloud Enterprise < 3.1.1 - Sensitive Information Disclosure in Deployment Logs
Sep 28, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23715
MEDIUM
Elastic Cloud Enterprise < 3.4.0 - Sensitive Information Disclosure in Logs via PATCH APIs
Aug 25, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23714
HIGH
Elastic Endpoint Security 7.13.0-7.17.3 - Local Privilege Escalation via Ransomware Canaries Feature
Jul 06, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-23713
MEDIUM
Kibana 7.0.0-7.17.4 - Stored Cross-Site Scripting in Vega Charts Integration
Jul 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23712
HIGH
Elasticsearch 8.0.0-8.2.0 - Unauthenticated Denial of Service via Network Request
Jun 06, 2022
CVSS 7.5
EPSS 0.07
CVE-2022-23711
MEDIUM
Kibana 7.2.1-7.17.2 - Unauthenticated Exposure of Sensitive Information in Page Source
Apr 21, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23710
MEDIUM
Kibana 7.15.0-7.16.9 - Stored Cross-Site Scripting in Data Preview Pane
Mar 03, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23709
MEDIUM
Kibana 7.7.0-7.17.0 - Authenticated Alert Rule Modification via Uptime Feature
Mar 03, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23708
MEDIUM
Elasticsearch 7.17.0 - Authenticated Security Index Access Control Bypass via Upgrade Assistant
Mar 03, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23707
MEDIUM
Kibana 7.5.1-7.16.3 - Authenticated Stored Cross-Site Scripting in Index Patterns
Feb 11, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-37942
HIGH
Elastic APM Java Agent 1.18.0-1.26.10 - Local Privilege Escalation via Malicious Plugin Attachment
Nov 22, 2023
CVSS 7.0
EPSS 0.00
CVE-2021-37937
MEDIUM
Elasticsearch 7.13.0-7.13.9 - Privilege Escalation via Fleet-Server API Key Creation
Nov 22, 2023
CVSS 5.9
EPSS 0.01
CVE-2021-22143
LOW
Elastic APM .NET Agent < 1.10.0 - Sensitive Information Exposure via HTTP Header Logging
Nov 22, 2023
CVSS 2.1
EPSS 0.01
CVE-2021-22151
LOW
Kibana 7.9.0-7.13.4 - Path Traversal via .pbf File Loading
Nov 22, 2023
CVSS 3.1
EPSS 0.01
CVE-2021-22150
MEDIUM
Kibana 7.10.2-7.14.0 - Authenticated Remote Code Execution via Malicious Fleet Package Upload
Nov 22, 2023
CVSS 6.6
EPSS 0.01
CVE-2021-22142
MEDIUM
Kibana 7.0.0-7.12.1 - Authenticated Remote Code Execution via Reporting Feature Chromium Embed
Nov 22, 2023
CVSS 6.6
EPSS 0.01
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters