Skip to main content

Elastic

321 CVEs vendor

Monthly

CVE-2020-7020 Maven LOW PATCH Monitor

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
3.1
EPSS
1.0%
CVE-2020-4756 MEDIUM PATCH This Month

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Denial Of Service IBM Elastic Storage Server Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4383 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4382 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4381 MEDIUM PATCH This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-7019 Maven MEDIUM PATCH This Month

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-7018 HIGH This Week

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Enterprise Search
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-7017 MEDIUM This Month

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elastic Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2020-7016 MEDIUM PATCH This Month

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Elastic Denial Of Service Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-7015 MEDIUM This Month

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-7014 Maven HIGH PATCH This Week

The fix for CVE-2020-7009 was found to be incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-7013 HIGH This Week

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Code Injection Kibana Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-7012 HIGH POC THREAT Act Now

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Code Injection Kibana
NVD
CVSS 3.1
8.8
EPSS
18.2%
CVE-2020-7011 MEDIUM This Month

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Elastic App Search
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-7010 Go HIGH PATCH This Week

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Elastic Information Disclosure Elastic Cloud On Kubernetes
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9387 MEDIUM PATCH This Month

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-7009 Maven HIGH PATCH This Week

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-9386 MEDIUM PATCH This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-2687 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-2600 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-5487 MEDIUM POC This Month

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Elastic Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-7621 MEDIUM This Month

Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-18456 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18460 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Elastic Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-7619 Maven MEDIUM PATCH This Month

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2019-7618 MEDIUM This Month

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Kibana
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-13423 HIGH This Week

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Search Guard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-13422 MEDIUM This Month

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Search Guard
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7617 PyPI HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure Apm Agent
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-7885 PHP HIGH PATCH This Week

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Elastic Adobe Magento
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-7616 MEDIUM This Month

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-7615 Ruby HIGH PATCH This Week

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Apm Agent Ruby
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-7614 Maven MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-1867 CRITICAL Act Now

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cisco Elastic Services Controller
NVD
CVSS 3.0
10.0
EPSS
30.3%
CVE-2019-1003052 Maven HIGH This Week

Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Jenkins Information Disclosure Aws Elastic Beanstalk Publisher
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-7611 Maven HIGH PATCH This Week

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Elastic Elasticsearch
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-7610 CRITICAL Act Now

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Elastic RCE Kibana
NVD
CVSS 3.0
9.0
EPSS
3.9%
CVE-2019-7609 CRITICAL POC KEV THREAT Emergency

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Elastic RCE Kibana Openshift Container Platform
NVD
CVSS 3.1
10.0
EPSS
95.3%
CVE-2019-7608 MEDIUM This Month

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-17247 Maven MEDIUM PATCH This Month

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Java XXE Elasticsearch
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-17246 CRITICAL POC THREAT Act Now

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic RCE Kibana Openshift Container Platform
NVD
CVSS 3.0
9.8
EPSS
82.3%
CVE-2018-17245 CRITICAL Act Now

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-17244 Maven MEDIUM PATCH This Month

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Elastic Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-3164 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3831 Maven HIGH PATCH This Week

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-3830 MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2018-3829 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-3828 HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-3827 HIGH This Week

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Microsoft Information Disclosure Azure Repository
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2018-3826 MEDIUM This Month

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-3825 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-3821 MEDIUM This Month

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-3820 MEDIUM This Month

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-3819 MEDIUM This Month

The fix in Kibana for ESA-2017-23 was incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3818 MEDIUM This Month

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-8074 PHP HIGH PATCH This Week

Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Code Injection RCE Yii
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-0130 CRITICAL Act Now

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cisco Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-0121 CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco Elastic Services Controller Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-0106 LOW Monitor

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Cisco Elastic Services Controller
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2017-11482 MEDIUM This Month

The Kibana fix for CVE-2017-8451 was found to be incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11481 MEDIUM This Month

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-5173 HIGH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-5172 Maven CRITICAL PATCH Act Now

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2015-5171 Maven CRITICAL PATCH Act Now

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2015-5170 Maven HIGH PATCH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Elastic Cf Release Cloud Foundry Elastic Runtime Cloud Foundry Uaa
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-10335 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Elastic Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-12629 Maven CRITICAL POC PATCH THREAT Act Now

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Apache XXE Elastic RCE Solr +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.9%
Threat
6.3
CVE-2017-8021 CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2017-8444 MEDIUM This Month

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-11479 MEDIUM This Month

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0732 HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release User Account And Authentication Uaa Release +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-6786 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-6778 MEDIUM This Month

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Ultra Services Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6777 MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-6776 MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic Elastic Services Controller
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6772 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-4165 Maven HIGH PATCH This Week

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Java Privilege Escalation Elastic Elasticsearch
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-8442 MEDIUM This Month

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure X Pack
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-6713 CRITICAL Act Now

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Elastic Elastic Services Controller
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-6712 HIGH This Week

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6709 CRITICAL Act Now

A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Ultra Services Framework
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-8443 MEDIUM This Month

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-1304 MEDIUM This Month

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service IBM Elastic Elastic Storage Server
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2017-8452 HIGH This Week

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Kibana
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8451 MEDIUM This Month

With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10366 MEDIUM This Month

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-10365 MEDIUM This Month

Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10364 MEDIUM This Month

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-10362 Ruby MEDIUM PATCH This Month

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Output Plugin
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-1000221 Ruby HIGH PATCH This Week

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Logstash
NVD
CVSS 3.0
7.5
EPSS
0.7%
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Denial Of Service IBM +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Denial Of Service IBM +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Enterprise Search
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elastic Kibana +3
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Elastic Denial Of Service Kibana +3
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The fix for CVE-2020-7009 was found to be incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Code Injection +2
NVD
EPSS 18% CVSS 8.8
HIGH POC THREAT Act Now

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Code Injection +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Elastic App Search
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Elastic Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Elastic Gitlab
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Gitlab
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Elastic Information Disclosure
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic RCE Kibana
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Search Guard
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Search Guard
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Elastic Adobe +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Apm Agent Ruby
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Elastic Information Disclosure +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Act Now

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cisco +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Elastic Elasticsearch
NVD
EPSS 4% CVSS 9.0
CRITICAL Act Now

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Elastic RCE +1
NVD
EPSS 95% CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Elastic RCE +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Java XXE +1
NVD
EPSS 82% CVSS 9.8
CRITICAL POC THREAT Act Now

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic RCE Kibana +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Elastic +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The fix in Kibana for ESA-2017-23 was incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Code Injection RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Cisco +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Cisco +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Kibana fix for CVE-2017-8451 was found to be incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Cf Release +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Information Disclosure Cf Release +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Elastic Cf Release +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Elastic +2
NVD
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

Apache XXE Elastic +5
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Storage
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Cloud Enterprise
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Cf Release +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Java Privilege Escalation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure X Pack
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Elastic +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service IBM +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Kibana
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elastic Kibana
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Output Plugin
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Logstash
NVD
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy