Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch elasticsearch vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
383
VMScore
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can conn...
Elastic Elastic Cloud Enterprise
383
VMScore
CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.
Elastic Azure Repository
Elastic Azure Repository 6.0.0
383
VMScore
CVE-2017-8444
The client-forwarder in Elastic Cloud Enterprise versions before 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Elasticsearch Cloud Enterprise 1.0.1
Elasticsearch Cloud Enterprise 1.0.0
383
VMScore
CVE-2017-11479
Kibana versions before 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 5.3.2
Elastic Kibana 5.3.1
Elastic Kibana 5.3.0
Elastic Kibana 5.2.2
Elastic Kibana 5.5.3
Elastic Kibana 5.5.2
Elastic Kibana 5.5.1
Elastic Kibana 5.5.0
Elastic Kibana 5.4.3
Elasticsearch Kibana 5.1.0
Elastic Kibana 5.0.2
Elastic Kibana 5.0.1
Elastic Kibana 5.0.0
Elastic Kibana 5.4.2
Elastic Kibana 5.4.0
Elastic Kibana 5.2.0
Elastic Kibana 5.1.1
Elastic Kibana 5.6.0
Elastic Kibana 5.4.1
Elastic Kibana 5.3.3
Elastic Kibana 5.2.1
Elastic Kibana 5.1.2
383
VMScore
CVE-2015-5619
Logstash 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow malicious users to obtain sensitive information via a man-in-the-middle attack.
Elastic Logstash 1.4.0
Elastic Logstash 1.4.2
Elasticsearch Logstash 1.5.0
Elasticsearch Logstash 1.5.1
Elastic Logstash 1.4.1
Elasticsearch Logstash 1.5.2
Elasticsearch Logstash 1.5.3
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.4.4
383
VMScore
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch prior to 1.4.0.Beta1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Elasticsearch Elasticsearch
357
VMScore
CVE-2022-23708
A flaw exists in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Elastic Elasticsearch
357
VMScore
CVE-2020-7019
In Elasticsearch prior to 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could ...
Elastic Elasticsearch
356
VMScore
CVE-2022-34807
Jenkins Elasticsearch Query Plugin 1.2 and previous versions stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Elasticsearch Query
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »