Vulnerabilities > Elastic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-13 | CVE-2024-37287 | Unspecified vulnerability in Elastic Kibana A flaw allowing arbitrary code execution was discovered in Kibana. | 7.2 |
2024-08-03 | CVE-2024-37286 | Information Exposure Through Log Files vulnerability in Elastic APM Server APM server logs contain document body from a partially failed bulk index request. | 6.5 |
2024-07-26 | CVE-2023-49921 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. | 6.5 |
2024-06-19 | CVE-2024-23443 | Unspecified vulnerability in Elastic Kibana A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
2024-06-14 | CVE-2024-23442 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
2024-02-07 | CVE-2024-23448 | Information Exposure Through Log Files vulnerability in Elastic APM Server An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. | 7.5 |
2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | 6.5 |
2024-02-07 | CVE-2024-23447 | Unspecified vulnerability in Elastic Network Drive Connector An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. | 6.5 |
2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | 6.5 |
2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |