Vulnerabilities in Elastic

233 results
CVE-2019-7609 (CRITICAL; EPSS 95.3%; KEV)
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the

CVE-2018-17246 (EPSS 82.3%)
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kiban

CVE-2021-22145 (EPSS 76.2%)
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitr

CVE-2023-31419 (MEDIUM; EPSS 60.7%)
Elasticsearch StackOverflow vulnerability

CVE-2020-7012 (EPSS 18.2%)
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker wit

CVE-2025-25014 (CRITICAL; EPSS 13.7%)
Kibana arbitrary code execution via prototype pollution

CVE-2022-23712 (EPSS 7.4%)
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an

CVE-2019-7610 (EPSS 3.9%)
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpa

CVE-2019-7619 (EPSS 2.4%)
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated a

CVE-2019-7612 (EPSS 2.4%)
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is s

CVE-2019-7611 (EPSS 2.1%)
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are dis

CVE-2020-7013 (EPSS 2.1%)
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB

CVE-2019-7616 (EPSS 2.1%)
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer

CVE-2018-3831 (EPSS 2.0%)
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured vi

CVE-2018-3830 (EPSS 1.9%)
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to

CVE-2024-23443 (MEDIUM; EPSS 1.8%)
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted

CVE-2024-37287 (CRITICAL; EPSS 1.6%)
Kibana arbitrary code execution via prototype pollution

CVE-2020-7009 (EPSS 1.6%)
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create A

CVE-2018-3822 (EPSS 1.6%)
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM tr

CVE-2020-7014 (EPSS 1.5%)
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege esca