Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-23711 Unspecified vulnerability in Elastic Kibana
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source.
network
low complexity
elastic
5.0
2022-03-03 CVE-2022-23708 Improper Privilege Management vulnerability in Elastic Elasticsearch
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
network
low complexity
elastic CWE-269
4.0
2022-03-03 CVE-2022-23709 Missing Authorization vulnerability in Elastic Kibana
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules.
network
low complexity
elastic CWE-862
4.0
2022-03-03 CVE-2022-23710 Cross-site Scripting vulnerability in Elastic Kibana 7.15.1/7.15.2/8.0.0
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.
network
elastic CWE-79
4.3
2022-02-11 CVE-2022-23707 Cross-site Scripting vulnerability in Elastic Kibana
An XSS vulnerability was found in Kibana index patterns.
network
elastic CWE-79
3.5
2021-12-08 CVE-2021-37941 Improper Privilege Management vulnerability in Elastic APM Agent
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent.
4.4
2021-12-07 CVE-2021-37940 Server-Side Request Forgery (SSRF) vulnerability in Elastic Enterprise Search
A server-side request forgery vulnerability allowing information disclosure via GET requests was discovered in the Workplace Search GitHub Enterprise Server integration.
network
low complexity
elastic CWE-918
4.0
2021-11-18 CVE-2021-37938 Path Traversal vulnerability in Elastic Kibana
It was discovered that, on Windows operating systems specifically, Kibana was not validating a user-supplied path, which would load .pbf files.
network
low complexity
elastic CWE-22
4.0
2021-11-18 CVE-2021-37939 Cleartext Transmission of Sensitive Information vulnerability in Elastic Kibana
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view.
network
low complexity
elastic CWE-319
4.0
2021-09-15 CVE-2021-22147 Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Elasticsearch
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots.
network
low complexity
elastic CWE-732
4.0