Vulnerabilities in Elastic

233 results
CVE-2018-3823 | X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions cou | EPSS 0.6%
CVE-2019-7615 | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certifi | EPSS 0.6%
CVE-2017-8447 | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an i | EPSS 0.6%
CVE-2021-22143 | LOW | Elastic APM .NET Agent information disclosure | EPSS 0.6%
CVE-2023-46675 | HIGH | Kibana Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2024-37282 | HIGH | It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subs | EPSS 0.6%
CVE-2023-31414 | HIGH | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configurat | EPSS 0.6%
CVE-2024-43709 | MEDIUM | Elasticsearch allocation of resources without limits or throttling leads to crash | EPSS 0.6%
CVE-2023-49923 | MEDIUM | Enterprise Search Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2023-6687 | MEDIUM | Elastic Agent Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2023-49922 | MEDIUM | Beats Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2024-23448 | MEDIUM | APM Server Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2025-37729 | CRITICAL | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine | EPSS 0.6%
CVE-2024-37283 | MEDIUM | Elastic Agent Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2018-3825 | In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper acces | EPSS 0.6%
CVE-2026-33466 | HIGH | Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write | EPSS 0.5%
CVE-2021-22141 | MEDIUM | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could | EPSS 0.5%
CVE-2022-23709 | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privileg | EPSS 0.5%
CVE-2024-37280 | MEDIUM | Elasticsearch StackOverflow vulnerability | EPSS 0.5%
CVE-2024-52979 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | EPSS 0.5%