Vulnerabilities > Elastic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-09 | CVE-2024-37288 | Deserialization of Untrusted Data vulnerability in Elastic Kibana 8.15.0: A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. | 8.8 |
2024-08-13 | CVE-2024-37287 | Unspecified vulnerability in Elastic Kibana: A flaw allowing arbitrary code execution was discovered in Kibana. | 7.2 |
2024-08-03 | CVE-2024-37286 | Information Exposure Through Log Files vulnerability in Elastic APM Server: APM Server logs contain the document body from a partially failed bulk index request. | 6.5 |
2024-07-26 | CVE-2023-49921 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch: An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. | 6.5 |
2024-06-19 | CVE-2024-23443 | Unspecified vulnerability in Elastic Kibana: A high-privileged user allowed to create custom osquery packs could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
2024-06-14 | CVE-2024-23442 | Open Redirect vulnerability in Elastic Kibana: An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
2024-06-13 | CVE-2024-37279 | Unspecified vulnerability in Elastic Kibana: A flaw was discovered in Kibana allowing view-only users of alerting to use the run_soon API, making the alerting rule run continuously and potentially affecting system availability if the alerting rule is running complex queries. | 4.3 |
2024-06-13 | CVE-2024-37280 | Out-of-bounds Write vulnerability in Elastic Elasticsearch: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. | 4.9 |
2024-02-07 | CVE-2024-23448 | Information Exposure Through Log Files vulnerability in Elastic APM Server: An issue was discovered whereby APM Server could log, at ERROR level, a response from Elasticsearch indicating that indexing the document failed, and that response would contain parts of the original document. | 7.5 |
2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana: An issue was discovered by Elastic whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | 6.5 |