Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic elasticsearch vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
4
CVSSv2
CVE-2018-3831
Elasticsearch Alerting and Monitoring in versions prior to 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens...
Elastic Elasticsearch
4.3
CVSSv2
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can conn...
Elastic Elastic Cloud Enterprise
4
CVSSv2
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
Elastic Elasticsearch
Elastic Elasticsearch 6.0.0
4.3
CVSSv2
CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.
Elastic Azure Repository
Elastic Azure Repository 6.0.0
7.5
CVSSv2
CVE-2015-5377
Elasticsearch prior to 1.6.1 allows remote malicious users to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
Elastic Elasticsearch
4 Github repositories
4.3
CVSSv2
CVE-2017-8444
The client-forwarder in Elastic Cloud Enterprise versions before 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Elasticsearch Cloud Enterprise 1.0.1
Elasticsearch Cloud Enterprise 1.0.0
4.3
CVSSv2
CVE-2017-11479
Kibana versions before 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 5.3.2
Elastic Kibana 5.3.1
Elastic Kibana 5.3.0
Elastic Kibana 5.2.2
Elastic Kibana 5.5.3
Elastic Kibana 5.5.2
Elastic Kibana 5.5.1
Elastic Kibana 5.5.0
Elastic Kibana 5.4.3
Elasticsearch Kibana 5.1.0
Elastic Kibana 5.0.2
Elastic Kibana 5.0.1
Elastic Kibana 5.0.0
Elastic Kibana 5.4.2
Elastic Kibana 5.4.0
Elastic Kibana 5.2.0
Elastic Kibana 5.1.1
Elastic Kibana 5.6.0
Elastic Kibana 5.4.1
Elastic Kibana 5.3.3
Elastic Kibana 5.2.1
Elastic Kibana 5.1.2
4.3
CVSSv2
CVE-2015-5619
Logstash 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow malicious users to obtain sensitive information via a man-in-the-middle attack.
Elastic Logstash 1.4.0
Elastic Logstash 1.4.2
Elasticsearch Logstash 1.5.0
Elasticsearch Logstash 1.5.1
Elastic Logstash 1.4.1
Elasticsearch Logstash 1.5.2
Elasticsearch Logstash 1.5.3
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.4.4
4
CVSSv2
CVE-2017-8442
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an ...
Elastic X-pack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »