Exposição de Elasticsearch

Search engines
18
score de exposição
13.367
sites usam
0
em exploração
0
críticos

CVEs

43 resultados
CVE-2021-22145A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrEPSS 76.2%CVE-2023-31419MEDIUMElasticsearch StackOverflow vulnerabilityEPSS 60.7%CVE-2022-23712A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an EPSS 7.4%CVE-2019-7619Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated aEPSS 2.4%CVE-2019-7611A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disEPSS 2.1%CVE-2018-3831Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured viEPSS 2.0%CVE-2020-7009Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create AEPSS 1.6%CVE-2020-7014The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escaEPSS 1.5%CVE-2018-17244Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active DirEPSS 1.5%CVE-2018-17247Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing exteEPSS 1.4%CVE-2020-7021Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is EPSS 1.3%CVE-2021-22132Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search wilEPSS 1.2%CVE-2023-31418HIGHElasticsearch uncontrolled resource consumptionEPSS 1.2%CVE-2020-7019In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a uEPSS 1.2%CVE-2021-22135Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API EPSS 1.2%CVE-2021-22134A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. EPSS 1.1%CVE-2021-22137In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. SearcEPSS 1.1%CVE-2018-3827A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the reposEPSS 1.0%CVE-2019-7614A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system withEPSS 1.0%CVE-2021-22147Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated useEPSS 1.0%

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →