Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-22147 Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Elasticsearch
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots.
network
low complexity
elastic CWE-732
4.0
2021-09-15 CVE-2021-22148 Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search
Elastic Enterprise Search App Search versions before 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator.
network
low complexity
elastic CWE-732
6.5
2021-09-15 CVE-2021-22149 Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route.
network
low complexity
elastic CWE-732
6.5
2021-07-26 CVE-2021-22144 Uncontrolled Recursion vulnerability in Elastic Elasticsearch
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser.
network
low complexity
elastic CWE-674
4.0
2021-07-21 CVE-2021-22145 Information Exposure Through an Error Message vulnerability in Elastic Elasticsearch
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
network
low complexity
elastic CWE-209
4.0
2021-07-21 CVE-2021-22146 Exposure of Resource to Wrong Sphere vulnerability in Elastic Elasticsearch 7.13.3
All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters.
network
low complexity
elastic CWE-668
5.0
2021-06-02 CVE-2020-10743 Improperly Implemented Security Check for Standard vulnerability in multiple products
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests.
4.3
2021-05-13 CVE-2021-22135 Information Exposure vulnerability in Elastic Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15, a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled.
network
elastic CWE-200
4.3
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
local
low complexity
elastic CWE-613
3.6
2021-05-13 CVE-2021-22137 Information Exposure vulnerability in Elastic Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used.
network
elastic CWE-200
4.3