Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch elasticsearch vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
5.3
CVSSv3
CVE-2019-18456
An issue exists in GitLab Community and Enterprise Edition 8.17 up to and including 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).
Gitlab Gitlab
7.8
CVSSv3
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Cloud Foundry Healthwatch
Pivotal Credhub Service Broker For Pcf
Pivotal Metric Registrar Release
Pivotal On Demand Service Broker
Pivotal Application Service
Pivotal Cloud Foundry Autoscaling Release
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal Single Sign-on
Pivotal Cloud Foundry Event Alerts
Appdynamics Platform Montioring
Bluemedora Nozzle
Contrastsecurity Service Broker
Cyberark Conjur Service Broker
NA
CVE-2015-4152
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash prior to 1.4.3 allows remote malicious users to write to arbitrary files via vectors related to dynamic field references in the path option.
Elastic Logstash
4.3
CVSSv3
CVE-2020-9387
In Mahara 19.04 prior to 19.04.5 and 19.10 prior to 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Mahara Mahara
Mahara Mahara 20.04
7.5
CVSSv3
CVE-2019-19629
In GitLab EE 10.5 up to and including 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
Gitlab Gitlab
7.1
CVSSv3
CVE-2021-31828
An SSRF issue in Open Distro for Elasticsearch (ODFE) prior to 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
4.3
CVSSv3
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
7.5
CVSSv3
CVE-2019-15590
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
Gitlab Gitlab
7.5
CVSSv3
CVE-2020-7010
Elastic Cloud on Kubernetes (ECK) versions before 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials gener...
Elastic Elastic Cloud On Kubernetes
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »