elastic

237 tracked vulnerabilities.

CVE-2021-22133 LOW
Elastic APM Agent for Go < 1.11.0 - Sensitive Information Exposure via Panic Log
Feb 10, 2021
CVSS 2.4
EPSS 0.00
CVE-2021-22132 MEDIUM
Elasticsearch 7.7.0-7.10.1 - Information Disclosure via Async Search API
Jan 14, 2021
CVSS 4.8
EPSS 0.00
CVE-2020-10743 MEDIUM
OpenShift Container Platform - CSRF
Jun 02, 2021
CVSS 4.3
EPSS 0.00
CVE-2020-7021 MEDIUM
Elasticsearch < 6.8.14 - Sensitive Information Disclosure in Audit Logs
Feb 10, 2021
CVSS 4.9
EPSS 0.00
CVE-2020-27816 MEDIUM
Kibana < 4.7 - URL Redirection via Namespace Validation Bypass
Dec 02, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-7020 LOW
Elasticsearch < 6.8.13 - Document Disclosure via Complex Query Permission Bypass
Oct 22, 2020
CVSS 3.1
EPSS 0.00
CVE-2020-7019 MEDIUM
Elasticsearch <6.8.12 and 7.0.0-7.9.0 - Improper Privilege Management via Scrolling Search Field Disclosure
Aug 18, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-7018 HIGH
Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure
Aug 18, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-7015 MEDIUM
Kibana < 6.8.10 - Stored Cross-Site Scripting in TSVB Visualization
Jun 03, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-7014 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key and Authentication Token Manipulation
Jun 03, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-7013 HIGH
Kibana < 6.8.9 - Authenticated Remote Code Execution via TSVB Visualization
Jun 03, 2020
CVSS 7.2
EPSS 0.01
CVE-2020-7012 HIGH
Kibana 6.7.0-6.8.8 and 7.0.0-7.6.2 - Authenticated Code Injection in Upgrade Assistant
Jun 03, 2020
CVSS 8.8
EPSS 0.73
CVE-2020-7011 MEDIUM
Elastic App Search < 7.7.0 - Cross-Site Scripting in Reference UI Document URL Display
Jun 03, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-7010 HIGH
Elastic Cloud on Kubernetes <1.1.0 - Info Disclosure
Jun 03, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-7009 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key Generation
Mar 31, 2020
CVSS 8.8
EPSS 0.00
CVE-2019-7621 MEDIUM
Kibana < 6.8.6 - Stored Cross-Site Scripting in Coordinate and Region Map Visualizations
Dec 18, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-7620 HIGH
Logstash 6.0.0-6.8.3 - Unauthenticated Denial of Service via Beats Input Plugin
Oct 30, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-7619 MEDIUM
Elasticsearch <7.4 - Info Disclosure
Oct 30, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-7618 MEDIUM
Elastic Code <7.3.2 - Info Disclosure
Oct 01, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-7617 HIGH
Elastic APM agent for Python <5.1.0 - Open Redirect
Aug 22, 2019
CVSS 7.2
EPSS 0.00
CVE-2019-7616 MEDIUM
Kibana < 6.8.2 - Authenticated Server-Side Request Forgery via Timelion Graphite URL Configuration
Jul 30, 2019
CVSS 4.9
EPSS 0.09
CVE-2019-7615 HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.00
CVE-2019-7614 MEDIUM
Elasticsearch <7.2.1-6.8.2 - Info Disclosure
Jul 30, 2019
CVSS 5.9
EPSS 0.00
CVE-2019-7613 HIGH
Winlogbeat <5.6.16,6.6.2 - Info Disclosure
Mar 25, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-7612 CRITICAL
Logstash <5.6.15-6.6.1 - Info Disclosure
Mar 25, 2019
CVSS 9.8
EPSS 0.00
Products
kibana 103 elasticsearch 47 Kibana 18 logstash 13 elastic_cloud_enterprise 9 x-pack 9 beats 7 Elastic X-Pack Security 6 elastic_agent 5 endpoint_security 5 enterprise_search 5 Logstash 4 Packetbeat 3 apm_agent 3 apm_server 3 APM Server 2 Elastic Defend 2 X-Pack Security 2 apm-server 2 elastic_app_search 2 elastic_beats 2 elastic_cloud_on_kubernetes 2 elasticsearch_x-pack 2 endgame 2 filebeat 2 kibana_x-pack 2 logstash_x-pack 2 Beats 1 Elastic Cloud Enterprise 1 Elastic Package Registry 1
Quick Filters
Critical CVEs With Exploits In CISA KEV