Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-22145 Information Exposure Through AN Error Message vulnerability in Elastic Elasticsearch
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
network
low complexity
elastic CWE-209
4.0
2021-07-21 CVE-2021-22146 Exposure of Resource TO Wrong Sphere vulnerability in Elastic Elasticsearch 7.13.3
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters.
network
low complexity
elastic CWE-668
5.0
2021-06-02 CVE-2020-10743 Improperly Implemented Security Check for Standard vulnerability in multiple products
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests.
4.3
2021-05-13 CVE-2021-22135 Information Exposure vulnerability in Elastic Elasticsearch
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled.
network
elastic CWE-200
4.3
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
local
low complexity
elastic CWE-613
3.6
2021-05-13 CVE-2021-22137 Information Exposure vulnerability in Elastic Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used.
network
elastic CWE-200
4.3
2021-05-13 CVE-2021-22138 Improper Certificate Validation vulnerability in Elastic Logstash
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature.
network
elastic CWE-295
4.3
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
4.0
2021-05-13 CVE-2021-22140 XXE vulnerability in Elastic APP Search 7.11.0/7.11.1
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature.
network
low complexity
elastic CWE-611
5.0
2021-03-08 CVE-2021-22134 Information Exposure vulnerability in Elastic Elasticsearch
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used.
network
low complexity
elastic CWE-200
4.0