Elasticsearch Exposure
Search engines
Exposure score: 18
Sites using it: 13,367
Under exploitation: 0
Critical: 0
CVEs
43 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-7020 | — | Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search quer | 1.0% |
| CVE-2024-23450 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | 0.9% |
| CVE-2022-23708 | — | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built pro | 0.9% |
| CVE-2023-46673 | MEDIUM | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when | 0.8% |
| CVE-2021-37937 | MEDIUM | Elasticsearch privilege escalation | 0.7% |
| CVE-2018-3826 | — | In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parame | 0.7% |
| CVE-2024-23449 | MEDIUM | Elasticsearch Uncaught Exception | 0.7% |
| CVE-2024-43709 | MEDIUM | Elasticsearch allocation of resources without limits or throttling leads to crash | 0.6% |
| CVE-2024-37280 | MEDIUM | Elasticsearch StackOverflow vulnerability | 0.5% |
| CVE-2024-52979 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | 0.5% |
| CVE-2024-52981 | MEDIUM | An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection o | 0.5% |
| CVE-2023-49921 | MEDIUM | An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw c | 0.5% |
| CVE-2021-22138 | — | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When sp | 0.5% |
| CVE-2024-23445 | MEDIUM | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | 0.5% |
| CVE-2024-23451 | MEDIUM | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model | 0.4% |
| CVE-2024-52980 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | 0.4% |
| CVE-2024-12539 | MEDIUM | Elasticsearch Incorrect Authorization | 0.4% |
| CVE-2025-68390 | MEDIUM | Elasticsearch Allocation of Resources Without Limits or Throttling | 0.3% |
| CVE-2025-68384 | MEDIUM | Elasticsearch Allocation of Resources Without Limits or Throttling | 0.2% |
| CVE-2023-31417 | MEDIUM | Elasticsearch Insertion of sensitive information in audit logs | 0.2% |