Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-3823
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the malicious user to obtain sensitive informatio...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
6.1
CVSSv3
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
9.8
CVSSv3
CVE-2017-2773
An issue exists in Pivotal PCF Elastic Runtime 1.6.x versions before 1.6.60, 1.7.x versions before 1.7.41, 1.8.x versions before 1.8.23, and 1.9.x versions before 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged malicious users to impers...
Pivotal Software Cloud Foundry Elastic Runtime 1.8.17
Pivotal Software Cloud Foundry Elastic Runtime 1.8.15
Pivotal Software Cloud Foundry Elastic Runtime 1.8.10
Pivotal Software Cloud Foundry Elastic Runtime 1.8.8
Pivotal Software Cloud Foundry Elastic Runtime 1.8.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.39
Pivotal Software Cloud Foundry Elastic Runtime 1.7.32
Pivotal Software Cloud Foundry Elastic Runtime 1.7.30
Pivotal Software Cloud Foundry Elastic Runtime 1.7.25
Pivotal Software Cloud Foundry Elastic Runtime 1.7.23
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.14
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.59
Pivotal Software Cloud Foundry Elastic Runtime 1.6.57
Pivotal Software Cloud Foundry Elastic Runtime 1.6.50
Pivotal Software Cloud Foundry Elastic Runtime 1.6.48
Pivotal Software Cloud Foundry Elastic Runtime 1.6.41
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.34
Pivotal Software Cloud Foundry Elastic Runtime 1.6.32
6.5
CVSSv3
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
Elastic Elasticsearch
Elastic Elasticsearch 6.0.0
7.5
CVSSv3
CVE-2020-7010
Elastic Cloud on Kubernetes (ECK) versions before 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials gener...
Elastic Elastic Cloud On Kubernetes
NA
CVE-2015-8131
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana prior to 4.1.3 and 4.2.x prior to 4.2.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Elastic Kibana
Elastic Kibana 4.2.0
6.1
CVSSv3
CVE-2015-9056
Kibana versions before 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
Elastic Kibana
Elastic Kibana 4.2.0
5.5
CVSSv3
CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/r...
Elastic Logstash
Elastic Logstash 7.12.1
3.3
CVSSv3
CVE-2023-31413
Filebeat versions up to and including 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
Elastic Filebeat 8.6.2
Elastic Filebeat
4.3
CVSSv3
CVE-2022-23709
A flaw exists in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with th...
Elastic Kibana
Elastic Kibana 8.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »