Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-11480
Packetbeat versions before 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from p...
Elasticsearch Packetbeat
446
VMScore
CVE-2022-23712
A Denial of Service flaw exists in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
Elastic Elasticsearch
383
VMScore
CVE-2021-22137
In Elasticsearch versions prior to 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the sear...
Elastic Elasticsearch
357
VMScore
CVE-2020-7019
In Elasticsearch prior to 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could ...
Elastic Elasticsearch
578
VMScore
CVE-2020-7009
Elasticsearch versions from 6.7.0 prior to 6.8.8 and 7.0.0 prior to 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with ele...
Elastic Elasticsearch
605
VMScore
CVE-2019-7611
A permission issue was found in Elasticsearch versions prior to 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to fa...
Elastic Elasticsearch
383
VMScore
CVE-2019-7614
A race condition flaw was found in the response headers Elasticsearch versions prior to 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an malicious user to gain access to response header containing sensitive dat...
Elastic Elasticsearch
445
VMScore
CVE-2019-7619
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.
Elastic Elasticsearch
312
VMScore
CVE-2020-7020
Elasticsearch versions prior to 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the e...
Elastic Elasticsearch
356
VMScore
CVE-2020-7021
Elasticsearch versions prior to 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allo...
Elastic Elasticsearch
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »