Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic elasticsearch vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-22134
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and prior to 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
4
CVSSv2
CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portio...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
1 Github repository
4
CVSSv2
CVE-2021-22144
In Elasticsearch versions prior to 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a maliciou...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
4.3
CVSSv2
CVE-2017-11479
Kibana versions before 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 5.3.2
Elastic Kibana 5.3.1
Elastic Kibana 5.3.0
Elastic Kibana 5.2.2
Elastic Kibana 5.5.3
Elastic Kibana 5.5.2
Elastic Kibana 5.5.1
Elastic Kibana 5.5.0
Elastic Kibana 5.4.3
Elasticsearch Kibana 5.1.0
Elastic Kibana 5.0.2
Elastic Kibana 5.0.1
Elastic Kibana 5.0.0
Elastic Kibana 5.4.2
Elastic Kibana 5.4.0
Elastic Kibana 5.2.0
Elastic Kibana 5.1.1
Elastic Kibana 5.6.0
Elastic Kibana 5.4.1
Elastic Kibana 5.3.3
Elastic Kibana 5.2.1
Elastic Kibana 5.1.2
4.3
CVSSv2
CVE-2017-8444
The client-forwarder in Elastic Cloud Enterprise versions before 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Elasticsearch Cloud Enterprise 1.0.1
Elasticsearch Cloud Enterprise 1.0.0
7.5
CVSSv2
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
NA
CVE-2022-23715
A flaw exists in ECE prior to 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /ap...
Elastic Elastic Cloud Enterprise
6.8
CVSSv2
CVE-2015-8131
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana prior to 4.1.3 and 4.2.x prior to 4.2.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Elastic Kibana
Elastic Kibana 4.2.0
4.3
CVSSv2
CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.
Elastic Azure Repository
Elastic Azure Repository 6.0.0
5
CVSSv2
CVE-2020-7010
Elastic Cloud on Kubernetes (ECK) versions before 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials gener...
Elastic Elastic Cloud On Kubernetes
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »