Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-21 | CVE-2024-43709 | Allocation of Resources Without Limits or Throttling vulnerability in Elastic Elasticsearch An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. | 7.5 |
| 2024-12-17 | CVE-2024-12539 | Incorrect Authorization vulnerability in Elastic Elasticsearch 8.16.0/8.16.1 An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. | 6.5 |
| 2024-09-09 | CVE-2024-37288 | Deserialization of Untrusted Data vulnerability in Elastic Kibana 8.15.0 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. | 8.8 |
| 2024-08-13 | CVE-2024-37287 | Unspecified vulnerability in Elastic Kibana A flaw allowing arbitrary code execution was discovered in Kibana. | 7.2 |
| 2024-08-03 | CVE-2024-37286 | Information Exposure Through Log Files vulnerability in Elastic APM Server APM server logs contain document body from a partially failed bulk index request. | 6.5 |
| 2024-07-31 | CVE-2024-23444 | Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation. | 7.5 |
| 2024-07-26 | CVE-2023-49921 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. | 6.5 |
| 2024-06-19 | CVE-2024-23443 | Unspecified vulnerability in Elastic Kibana A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
| 2024-06-14 | CVE-2024-23442 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
| 2024-06-13 | CVE-2024-37279 | Unspecified vulnerability in Elastic Kibana A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | 4.3 |