Vulnerabilities > Elastic

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana | A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | network | | elastic | CWE-79 | 4.3 |
| 2022-07-06 | CVE-2022-23714 | Improper Privilege Management vulnerability in Elastic Endpoint Security | A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | local | low complexity | elastic | CWE-269 | 7.2 |
| 2022-06-06 | CVE-2022-23712 | Unspecified vulnerability in Elastic Elasticsearch | A Denial of Service flaw was discovered in Elasticsearch. | network | low complexity | elastic | | 5.0 |
| 2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana | A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | network | low complexity | elastic | | 5.0 |
| 2022-03-03 | CVE-2022-23708 | Improper Privilege Management vulnerability in Elastic Elasticsearch | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | network | low complexity | elastic | CWE-269 | 4.0 |
| 2022-03-03 | CVE-2022-23709 | Missing Authorization vulnerability in Elastic Kibana | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. | network | low complexity | elastic | CWE-862 | 4.0 |
| 2022-03-03 | CVE-2022-23710 | Cross-site Scripting vulnerability in Elastic Kibana 7.15.1/7.15.2/8.0.0 | A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | network | | elastic | CWE-79 | 4.3 |
| 2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana | An XSS vulnerability was found in Kibana index patterns. | network | | elastic | CWE-79 | 3.5 |
| 2021-12-08 | CVE-2021-37941 | Improper Privilege Management vulnerability in Elastic APM Agent | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. | | | | | 4.4 |
| 2021-12-07 | CVE-2021-37940 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Enterprise Search | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search GitHub Enterprise Server integration. | network | low complexity | elastic | CWE-918 | 4.0 |