Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

elastic elastic app search vulnerabilities and exploits

(subscribe to this query)
6.1
CVSSv3
CVE-2020-7011
Elastic App Search versions prior to 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of...
Elastic Elastic App Search
8.8
CVSSv3
CVE-2020-7018
Elastic Enterprise Search prior to 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow t...
Elastic Enterprise Search
6.5
CVSSv3
CVE-2023-49923
An issue exists by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic ha...
Elastic Enterprise Search
8.8
CVSSv3
CVE-2021-22149
Elastic Enterprise Search App Search versions prior to 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Elastic Enterprise Search
8.8
CVSSv3
CVE-2021-22148
Elastic Enterprise Search App Search versions prior to 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
Elastic Enterprise Search
5.4
CVSSv3
CVE-2021-37936
It exists that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
7.5
CVSSv3
CVE-2021-22140
Elastic App Search versions after 7.11.0 and prior to 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to travers...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook