Vulmon
elasticsearch elasticsearch vulnerabilities and exploits
8.1
CVSSv3
CVE-2023-46667
An issue exists in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retr...
Elastic Fleet Server
3.3
CVSSv3
CVE-2023-45585
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, v...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.6.0
Fortinet Fortisiem 6.6.1
Fortinet Fortisiem 6.6.2
Fortinet Fortisiem 6.6.3
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
Fortinet Fortisiem 7.0.0
Fortinet Fortisiem 6.3.0
Fortinet Fortisiem 6.3.1
Fortinet Fortisiem 6.3.2
Fortinet Fortisiem 6.3.3
7.5
CVSSv3
CVE-2016-1000221
In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers, which could contain sensitive information, to file.
Elastic Logstash
4.3
CVSSv3
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows malicious users to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
Appsmith Appsmith 1.7.11
9.8
CVSSv3
CVE-2022-38656
HCL Commerce, when using Elasticsearch, can allow a remote malicious user to cause a denial of service attack on the site and make administrative changes.
Hcltechsw Hcl Commerce
5.4
CVSSv3
CVE-2021-37936
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an Elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
NA
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
NA
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog prior to 7.4.2 and prior to 7.5.2 devel, when errorfile is set to local logging, allows remote malicious users to cause a denial of service (crash) and possibly execu...
Rsyslog Rsyslog 7.3.7
Rsyslog Rsyslog 7.3.6
Rsyslog Rsyslog 7.3.5
Rsyslog Rsyslog 7.3.4
Rsyslog Rsyslog 7.1.10
Rsyslog Rsyslog 7.1.9
Rsyslog Rsyslog 7.1.8
Rsyslog Rsyslog 7.1.7
Rsyslog Rsyslog 7.1.6
Rsyslog Rsyslog 7.4.0
Rsyslog Rsyslog 7.3.15
Rsyslog Rsyslog 7.3.14
Rsyslog Rsyslog 7.3.13
Rsyslog Rsyslog 7.2.6
Rsyslog Rsyslog 7.2.5
Rsyslog Rsyslog 7.2.4
Rsyslog Rsyslog 7.2.3
Rsyslog Rsyslog 7.1.1
Rsyslog Rsyslog 7.1.0
Rsyslog Rsyslog 6.6.0
Rsyslog Rsyslog 6.5.1
Rsyslog Rsyslog
7.5
CVSSv3
CVE-2019-18460
An issue exists in GitLab Community and Enterprise Edition 8.15 up to and including 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Gitlab Gitlab
8.1
CVSSv3
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii