Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Elastic Logstash
3.3
CVSSv3
CVE-2023-45585
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, v...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.6.0
Fortinet Fortisiem 6.6.1
Fortinet Fortisiem 6.6.2
Fortinet Fortisiem 6.6.3
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
Fortinet Fortisiem 7.0.0
Fortinet Fortisiem 6.3.0
Fortinet Fortisiem 6.3.1
Fortinet Fortisiem 6.3.2
Fortinet Fortisiem 6.3.3
8.1
CVSSv3
CVE-2023-46667
An issue exists in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retr...
Elastic Fleet Server
4.3
CVSSv3
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows malicious users to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
Appsmith Appsmith 1.7.11
9.8
CVSSv3
CVE-2022-38656
HCL Commerce, when using Elasticsearch, can allow a remote malicious user to cause a denial of service attack on the site and make administrative changes.
Hcltechsw Hcl Commerce
5.4
CVSSv3
CVE-2021-37936
It exists that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
NA
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
8.1
CVSSv3
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
7.5
CVSSv3
CVE-2019-18460
An issue exists in GitLab Community and Enterprise Edition 8.15 up to and including 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Gitlab Gitlab
5.3
CVSSv3
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »