Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18456
An issue exists in GitLab Community and Enterprise Edition 8.17 up to and including 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).
Gitlab Gitlab
5
CVSSv2
CVE-2019-18460
An issue exists in GitLab Community and Enterprise Edition 8.15 up to and including 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Gitlab Gitlab
5
CVSSv2
CVE-2019-7619
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.
Elastic Elasticsearch
2.1
CVSSv2
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Cloud Foundry Healthwatch
Pivotal Credhub Service Broker For Pcf
Pivotal Metric Registrar Release
Pivotal On Demand Service Broker
Pivotal Application Service
Pivotal Cloud Foundry Autoscaling Release
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal Single Sign-on
Pivotal Cloud Foundry Event Alerts
Appdynamics Platform Montioring
Bluemedora Nozzle
Contrastsecurity Service Broker
Cyberark Conjur Service Broker
4.3
CVSSv2
CVE-2019-7614
A race condition flaw was found in the response headers Elasticsearch versions prior to 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an malicious user to gain access to response header containing sensitive dat...
Elastic Elasticsearch
6.8
CVSSv2
CVE-2019-7611
A permission issue was found in Elasticsearch versions prior to 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to fa...
Elastic Elasticsearch
4
CVSSv2
CVE-2018-17244
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated...
Elastic Elasticsearch
4.3
CVSSv2
CVE-2018-17247
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted reques...
Elastic Elasticsearch 6.5.1
Elastic Elasticsearch 6.5.0
4.3
CVSSv2
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
4
CVSSv2
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.
Elastic Elasticsearch
Elastic Elasticsearch 6.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »