elastic

256 tracked vulnerabilities.

CVE-2021-37936 MEDIUM
Kibana < 7.14.1 - Stored Cross-Site Scripting via Discover App Search Highlighting
Nov 18, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-22141 MEDIUM
Kibana < 6.8.16 - Open Redirect via Malicious URL
Nov 18, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-37941 HIGH
Elastic APM Java Agent 1.10.0-1.26.0 - Local Privilege Escalation via Attacher CLI or API
Dec 08, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-37940 MEDIUM
Elastic Enterprise Search < 7.16.0 - Server-Side Request Forgery via GitHub Integration
Dec 07, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-37939 LOW
Kibana 7.8.0-7.15.1 - Authenticated Internal Host HTTP Response Disclosure via JIRA and IBM Resilient Connectors
Nov 18, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-37938 MEDIUM
Kibana 7.9.0-7.15.1 - Path Traversal via .pbf File Loading
Nov 18, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22149 HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22148 HIGH
Elastic Enterprise Search < 7.14.0 - Incorrect Permission Assignment for API Keys
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22147 MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
Sep 15, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22144 MEDIUM
Elasticsearch < 6.8.17 - Denial of Service via Grok Parser Recursion
Jul 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-22146 HIGH
Elastic Cloud Enterprise - Info Disclosure
Jul 21, 2021
CVSS 7.5
EPSS 0.28
CVE-2021-22145 MEDIUM NUCLEI
Elasticsearch 7.10.0-7.13.3 - Memory Disclosure via Malformed Query Error Message
Jul 21, 2021
CVSS 6.5
EPSS 0.76
CVE-2021-22140 HIGH
Elastic App Search 7.11.0-7.11.9 - XML External Entity Injection via Web Crawler Sitemap Processing
May 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22139 MEDIUM
Kibana < 7.12.1 - Denial of Service via Webhook Request Size
May 13, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22138 LOW
Logstash 6.4.0-6.8.14 - Improper Certificate Validation in Monitoring Feature
May 13, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-22137 MEDIUM
Elasticsearch <6.8.15 and 7.11.0-7.11.1 - Document Disclosure via Cross-Cluster Search Query
May 13, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22136 LOW
Kibana < 6.8.15 - Insufficient Session Expiration via Background Polling
May 13, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-22135 MEDIUM
Elasticsearch <6.8.15 and 7.0.0-7.11.2 - Unauthorized Document and Field Exposure via Suggester and Profile API
May 13, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22134 MEDIUM
Elasticsearch 7.6.0-7.10.2 - Unauthorized Document Disclosure via Document or Field Level Security Bypass
Mar 08, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22133 LOW
Elastic APM Agent for Go < 1.11.0 - Sensitive Information Exposure via Panic Log
Feb 10, 2021
CVSS 2.4
EPSS 0.01
CVE-2021-22132 MEDIUM
Elasticsearch 7.7.0-7.10.1 - Information Disclosure via Async Search API
Jan 14, 2021
CVSS 4.8
EPSS 0.01
CVE-2020-10743 MEDIUM
OpenShift Container Platform - CSRF
Jun 02, 2021
CVSS 4.3
EPSS 0.01
CVE-2020-7021 MEDIUM
Elasticsearch < 6.8.14 - Sensitive Information Disclosure in Audit Logs
Feb 10, 2021
CVSS 4.9
EPSS 0.01
CVE-2020-27816 MEDIUM
Kibana < 4.7 - URL Redirection via Namespace Validation Bypass
Dec 02, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-7020 LOW
Elasticsearch < 6.8.13 - Document Disclosure via Complex Query Permission Bypass
Oct 22, 2020
CVSS 3.1
EPSS 0.01