elastic

256 tracked vulnerabilities.

CVE-2023-46668 MEDIUM
Elastic Endpoint <8.10.3 - Info Disclosure
Oct 26, 2023
CVSS 4.6
EPSS 0.00
CVE-2023-31415 HIGH
Kibana 8.7.0 - Authenticated Remote Code Execution via Uptime/Synthetics Feature
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31414 HIGH
Kibana 8.0.0-8.7.0 - Authenticated Remote Code Execution via YAML or ENV Configuration
May 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-31413 LOW
Filebeat <= 7.17.9 and 8.6.2 - Sensitive Information Disclosure in HTTPJSON Input Debug Logs
May 04, 2023
CVSS 3.3
EPSS 0.00
CVE-2022-38779 MEDIUM
Kibana 7.0.0-7.17.9 - Open Redirect via Malicious URL
Feb 22, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-38778 MEDIUM
decode-uri-component < 0.2.1 - Denial of Service via Improper Input Validation
Feb 08, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-38777 HIGH
Elastic Endpoint Security - Privilege Escalation
Feb 08, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38775 HIGH
Elastic Endpoint Security for Windows - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38774 HIGH
Elastic Endpoint Security/Elastic Endgame - Privilege Escalation
Jan 26, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-23716 MEDIUM
Elastic Cloud Enterprise < 3.1.1 - Sensitive Information Disclosure in Deployment Logs
Sep 28, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23715 MEDIUM
Elastic Cloud Enterprise < 3.4.0 - Sensitive Information Disclosure in Logs via PATCH APIs
Aug 25, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23714 HIGH
Elastic Endpoint Security 7.13.0-7.17.3 - Local Privilege Escalation via Ransomware Canaries Feature
Jul 06, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-23713 MEDIUM
Kibana 7.0.0-7.17.4 - Stored Cross-Site Scripting in Vega Charts Integration
Jul 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23712 HIGH
Elasticsearch 8.0.0-8.2.0 - Unauthenticated Denial of Service via Network Request
Jun 06, 2022
CVSS 7.5
EPSS 0.07
CVE-2022-23711 MEDIUM
Kibana 7.2.1-7.17.2 - Unauthenticated Exposure of Sensitive Information in Page Source
Apr 21, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23710 MEDIUM
Kibana 7.15.0-7.16.9 - Stored Cross-Site Scripting in Data Preview Pane
Mar 03, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23709 MEDIUM
Kibana 7.7.0-7.17.0 - Authenticated Alert Rule Modification via Uptime Feature
Mar 03, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23708 MEDIUM
Elasticsearch 7.17.0 - Authenticated Security Index Access Control Bypass via Upgrade Assistant
Mar 03, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23707 MEDIUM
Kibana 7.5.1-7.16.3 - Authenticated Stored Cross-Site Scripting in Index Patterns
Feb 11, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-37942 HIGH
Elastic APM Java Agent 1.18.0-1.26.10 - Local Privilege Escalation via Malicious Plugin Attachment
Nov 22, 2023
CVSS 7.0
EPSS 0.00
CVE-2021-37937 MEDIUM
Elasticsearch 7.13.0-7.13.9 - Privilege Escalation via Fleet-Server API Key Creation
Nov 22, 2023
CVSS 5.9
EPSS 0.01
CVE-2021-22143 LOW
Elastic APM .NET Agent < 1.10.0 - Sensitive Information Exposure via HTTP Header Logging
Nov 22, 2023
CVSS 2.1
EPSS 0.01
CVE-2021-22151 LOW
Kibana 7.9.0-7.13.4 - Path Traversal via .pbf File Loading
Nov 22, 2023
CVSS 3.1
EPSS 0.01
CVE-2021-22150 MEDIUM
Kibana 7.10.2-7.14.0 - Authenticated Remote Code Execution via Malicious Fleet Package Upload
Nov 22, 2023
CVSS 6.6
EPSS 0.01
CVE-2021-22142 MEDIUM
Kibana 7.0.0-7.12.1 - Authenticated Remote Code Execution via Reporting Feature Chromium Embed
Nov 22, 2023
CVSS 6.6
EPSS 0.01