elastic

256 tracked vulnerabilities.

CVE-2020-7019 MEDIUM
Elasticsearch <6.8.12 and 7.0.0-7.9.0 - Improper Privilege Management via Scrolling Search Field Disclosure
Aug 18, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-7018 HIGH
Elastic Enterprise Search < 7.9.0 - Privilege Escalation via Developer Role Credential Exposure
Aug 18, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-7015 MEDIUM
Kibana < 6.8.10 - Stored Cross-Site Scripting in TSVB Visualization
Jun 03, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-7014 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key and Authentication Token Manipulation
Jun 03, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-7013 HIGH
Kibana < 6.8.9 - Authenticated Remote Code Execution via TSVB Visualization
Jun 03, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-7012 HIGH
Kibana 6.7.0-6.8.8 and 7.0.0-7.6.2 - Authenticated Code Injection in Upgrade Assistant
Jun 03, 2020
CVSS 8.8
EPSS 0.18
CVE-2020-7011 MEDIUM
Elastic App Search < 7.7.0 - Cross-Site Scripting in Reference UI Document URL Display
Jun 03, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-7010 HIGH
Elastic Cloud on Kubernetes <1.1.0 - Info Disclosure
Jun 03, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7009 HIGH
Elasticsearch 6.7.0-6.8.7 and 7.0.0-7.6.1 - Privilege Escalation via API Key Generation
Mar 31, 2020
CVSS 8.8
EPSS 0.02
CVE-2019-7621 MEDIUM
Kibana < 6.8.6 - Stored Cross-Site Scripting in Coordinate and Region Map Visualizations
Dec 18, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-7620 HIGH
Logstash 6.0.0-6.8.3 - Unauthenticated Denial of Service via Beats Input Plugin
Oct 30, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-7619 MEDIUM
Elasticsearch <7.4 - Info Disclosure
Oct 30, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-7618 MEDIUM
Elastic Code <7.3.2 - Info Disclosure
Oct 01, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-7617 HIGH
Elastic APM agent for Python <5.1.0 - Open Redirect
Aug 22, 2019
CVSS 7.2
EPSS 0.02
CVE-2019-7616 MEDIUM
Kibana < 6.8.2 - Authenticated Server-Side Request Forgery via Timelion Graphite URL Configuration
Jul 30, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-7615 HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.01
CVE-2019-7614 MEDIUM
Elasticsearch <7.2.1-6.8.2 - Info Disclosure
Jul 30, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-7613 HIGH
Winlogbeat <5.6.16,6.6.2 - Info Disclosure
Mar 25, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-7612 CRITICAL
Logstash <5.6.15-6.6.1 - Info Disclosure
Mar 25, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-7611 HIGH
Elasticsearch <5.6.15, 6.6.1 - Privilege Escalation
Mar 25, 2019
CVSS 8.1
EPSS 0.02
CVE-2019-7610 CRITICAL
Kibana < 5.6.15 - Remote Code Execution via Security Audit Logger
Mar 25, 2019
CVSS 9.0
EPSS 0.04
CVE-2019-7609 CRITICAL KEVNUCLEI
Kibana Timelion Prototype Pollution RCE
Mar 25, 2019
CVSS 10.0
EPSS 0.95
CVE-2019-7608 MEDIUM
Kibana < 5.6.15 - Cross-Site Scripting
Mar 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-17247 MEDIUM
Elasticsearch Security 6.5.0-6.5.1 - Info Disclosure
Dec 20, 2018
CVSS 5.9
EPSS 0.01
CVE-2018-17246 CRITICAL NUCLEI
Kibana <6.4.3, 5.6.13 - Code Injection
Dec 20, 2018
CVSS 9.8
EPSS 0.82