Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic x-pack vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-8449
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.
Elastic X-pack
356
VMScore
CVE-2017-8450
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.
Elastic X-pack 5.1.1
516
VMScore
CVE-2017-8451
With X-Pack installed, Kibana versions prior to 5.3.1 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
356
VMScore
CVE-2016-10364
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Elastic Kibana 5.0.1
Elastic Kibana 5.0.0
578
VMScore
CVE-2017-8438
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, t...
Elastic X-pack 5.0.0
Elastic X-pack 5.3.2
Elastic X-pack 5.2.2
Elastic X-pack 5.2.0
Elastic X-pack 5.1.0
Elastic X-pack 5.2.1
Elastic X-pack 5.0.2
Elastic X-pack 5.3.3
Elastic X-pack 5.3.1
Elastic X-pack 5.4.0
Elastic X-pack 5.0.1
Elastic X-pack 5.1.1
Elastic X-pack 5.3.0
356
VMScore
CVE-2017-8441
Elastic X-Pack Security versions before 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index...
Elastic X-pack
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2