Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-8446
The Reporting feature in X-Pack in versions before 5.5.2 and standalone Reporting plugin versions versions before 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining ...
Elasticsearch X-pack
Elasticsearch X-pack Reporting
383
VMScore
CVE-2017-8444
The client-forwarder in Elastic Cloud Enterprise versions before 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Elasticsearch Cloud Enterprise 1.0.1
Elasticsearch Cloud Enterprise 1.0.0
356
VMScore
CVE-2018-3831
Elasticsearch Alerting and Monitoring in versions prior to 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens...
Elastic Elasticsearch
578
VMScore
CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an ...
Elastic Elasticsearch
NA
CVE-2023-31417
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information s...
Elastic Elasticsearch
NA
CVE-2023-31419
A flaw exists in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
Elastic Elasticsearch
2 Github repositories
312
VMScore
CVE-2020-7020
Elasticsearch versions prior to 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the e...
Elastic Elasticsearch
356
VMScore
CVE-2020-7021
Elasticsearch versions prior to 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allo...
Elastic Elasticsearch
357
VMScore
CVE-2022-23708
A flaw exists in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Elastic Elasticsearch
578
VMScore
CVE-2020-7009
Elasticsearch versions from 6.7.0 prior to 6.8.8 and 7.0.0 prior to 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with ele...
Elastic Elasticsearch
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »