Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch elasticsearch vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Elastic Logstash
NA
CVE-2023-45585
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, v...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.6.0
Fortinet Fortisiem 6.6.1
Fortinet Fortisiem 6.6.2
Fortinet Fortisiem 6.6.3
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
Fortinet Fortisiem 7.0.0
Fortinet Fortisiem 6.3.0
Fortinet Fortisiem 6.3.1
Fortinet Fortisiem 6.3.2
Fortinet Fortisiem 6.3.3
NA
CVE-2023-46667
An issue exists in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retr...
Elastic Fleet Server
NA
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows malicious users to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
Appsmith Appsmith 1.7.11
NA
CVE-2022-38656
HCL Commerce, when using Elasticsearch, can allow a remote malicious user to cause a denial of service attack on the site and make administrative changes.
Hcltechsw Hcl Commerce
NA
CVE-2021-37936
It exists that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
7.5
CVSSv2
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
5
CVSSv2
CVE-2019-18460
An issue exists in GitLab Community and Enterprise Edition 8.15 up to and including 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Gitlab Gitlab
6.8
CVSSv2
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
5
CVSSv2
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
Gitlab Gitlab
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »