elastic
256 tracked vulnerabilities.
CVE-2021-37936
MEDIUM
Kibana < 7.14.1 - Stored Cross-Site Scripting via Discover App Search Highlighting
Nov 18, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-22141
MEDIUM
Kibana < 6.8.16 - Open Redirect via Malicious URL
Nov 18, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-37941
HIGH
Elastic APM Java Agent 1.10.0-1.26.0 - Local Privilege Escalation via Attacher CLI or API
Dec 08, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-37940
MEDIUM
Elastic Enterprise Search < 7.16.0 - Server-Side Request Forgery via GitHub Integration
Dec 07, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-37939
LOW
Kibana 7.8.0-7.15.1 - Authenticated Internal Host HTTP Response Disclosure via JIRA and IBM Resilient Connectors
Nov 18, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-37938
MEDIUM
Kibana 7.9.0-7.15.1 - Path Traversal via .pbf File Loading
Nov 18, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22149
HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22148
HIGH
Elastic Enterprise Search < 7.14.0 - Incorrect Permission Assignment for API Keys
Sep 15, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22147
MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
Sep 15, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22144
MEDIUM
Elasticsearch < 6.8.17 - Denial of Service via Grok Parser Recursion
Jul 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-22146
HIGH
Elastic Cloud Enterprise - Info Disclosure
Jul 21, 2021
CVSS 7.5
EPSS 0.28
CVE-2021-22145
MEDIUM
NUCLEI
Elasticsearch 7.10.0-7.13.3 - Memory Disclosure via Malformed Query Error Message
Jul 21, 2021
CVSS 6.5
EPSS 0.76
CVE-2021-22140
HIGH
Elastic App Search 7.11.0-7.11.9 - XML External Entity Injection via Web Crawler Sitemap Processing
May 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22139
MEDIUM
Kibana < 7.12.1 - Denial of Service via Webhook Request Size
May 13, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22138
LOW
Logstash 6.4.0-6.8.14 - Improper Certificate Validation in Monitoring Feature
May 13, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-22137
MEDIUM
Elasticsearch <6.8.15 and 7.11.0-7.11.1 - Document Disclosure via Cross-Cluster Search Query
May 13, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22136
LOW
Kibana < 6.8.15 - Insufficient Session Expiration via Background Polling
May 13, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-22135
MEDIUM
Elasticsearch <6.8.15 and 7.0.0-7.11.2 - Unauthorized Document and Field Exposure via Suggester and Profile API
May 13, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22134
MEDIUM
Elasticsearch 7.6.0-7.10.2 - Unauthorized Document Disclosure via Document or Field Level Security Bypass
Mar 08, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22133
LOW
Elastic APM Agent for Go < 1.11.0 - Sensitive Information Exposure via Panic Log
Feb 10, 2021
CVSS 2.4
EPSS 0.01
CVE-2021-22132
MEDIUM
Elasticsearch 7.7.0-7.10.1 - Information Disclosure via Async Search API
Jan 14, 2021
CVSS 4.8
EPSS 0.01
CVE-2020-10743
MEDIUM
OpenShift Container Platform - CSRF
Jun 02, 2021
CVSS 4.3
EPSS 0.01
CVE-2020-7021
MEDIUM
Elasticsearch < 6.8.14 - Sensitive Information Disclosure in Audit Logs
Feb 10, 2021
CVSS 4.9
EPSS 0.01
CVE-2020-27816
MEDIUM
Kibana < 4.7 - URL Redirection via Namespace Validation Bypass
Dec 02, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-7020
LOW
Elasticsearch < 6.8.13 - Document Disclosure via Complex Query Permission Bypass
Oct 22, 2020
CVSS 3.1
EPSS 0.01
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters