Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-7009
Elasticsearch versions from 6.7.0 prior to 6.8.8 and 7.0.0 prior to 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with ele...
Elastic Elasticsearch
6.5
CVSSv2
CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an ...
Elastic Elasticsearch
4
CVSSv2
CVE-2020-7019
In Elasticsearch prior to 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could ...
Elastic Elasticsearch
5
CVSSv2
CVE-2022-23712
A Denial of Service flaw exists in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
Elastic Elasticsearch
4
CVSSv2
CVE-2022-34807
Jenkins Elasticsearch Query Plugin 1.2 and previous versions stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Elasticsearch Query
5
CVSSv2
CVE-2021-22146
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could le...
Elastic Elasticsearch 7.13.3
1 Github repository
4
CVSSv2
CVE-2016-10362
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
Elasticsearch Output Plugin
NA
CVE-2023-31418
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elasti...
Elastic Elasticsearch
Elastic Elastic Cloud Enterprise
Elastic Elastic Cloud Enterprise 3.6.0
4
CVSSv2
CVE-2021-22134
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and prior to 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
4
CVSSv2
CVE-2021-22144
In Elasticsearch versions prior to 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a maliciou...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »