Elastic Vulnerabilities
233 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2021-22133 | — | The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an applicatio | 0.5% |
| CVE-2022-23707 | — | An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index pa | 0.5% |
| CVE-2022-23716 | MEDIUM | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in d | 0.5% |
| CVE-2022-38779 | — | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously | 0.5% |
| CVE-2018-3828 | — | Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain excepti | 0.5% |
| CVE-2017-8444 | — | The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is abl | 0.5% |
| CVE-2024-23446 | MEDIUM | Kibana Broken Access Control issue | 0.5% |
| CVE-2023-46667 | HIGH | Fleet Server Insertion of Sensitive Information into Log File | 0.5% |
| CVE-2024-52981 | MEDIUM | An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection o | 0.5% |
| CVE-2023-49921 | MEDIUM | An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw c | 0.5% |
| CVE-2021-22138 | — | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When sp | 0.5% |
| CVE-2024-23445 | MEDIUM | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | 0.5% |
| CVE-2021-37936 | MEDIUM | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ab | 0.5% |
| CVE-2026-26932 | MEDIUM | Improper Validation of Array Index in Packetbeat Leading to Denial of Service | 0.5% |
| CVE-2021-37939 | — | It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which | 0.4% |
| CVE-2024-37286 | MEDIUM | APM Server Insertion of Sensitive Information into Log File | 0.4% |
| CVE-2024-23451 | MEDIUM | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model | 0.4% |
| CVE-2024-52980 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | 0.4% |
| CVE-2026-0531 | MEDIUM | Allocation of Resources Without Limits or Throttling in Kibana Fleet | 0.4% |
| CVE-2024-37281 | MEDIUM | Kibana Denial of Service issue | 0.4% |