Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-7015
Kibana versions prior to 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the malicious user to obtain sensitive information from, or perform destructive actions, on behalf of Kibana u...
Elastic Kibana
4
CVSSv2
CVE-2020-7019
In Elasticsearch prior to 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could ...
Elastic Elasticsearch
4
CVSSv2
CVE-2020-7021
Elasticsearch versions prior to 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allo...
Elastic Elasticsearch
4
CVSSv2
CVE-2018-17244
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated...
Elastic Elasticsearch
4.3
CVSSv2
CVE-2018-3820
Kibana versions after 6.1.0 and prior to 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
4.3
CVSSv2
CVE-2018-3821
Kibana versions after 5.1.1 and prior to 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
5
CVSSv2
CVE-2016-10363
Logstash versions before 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by t...
Elastic Logstash
4
CVSSv2
CVE-2022-23708
A flaw exists in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
Elastic Elasticsearch
4.3
CVSSv2
CVE-2021-22135
Elasticsearch versions prior to 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level s...
Elastic Elasticsearch
5
CVSSv2
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Elastic Logstash
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »