Vulnerabilities > Elastic

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-01-26 | CVE-2022-38774 | Unspecified vulnerability in Elastic Endgame and Endpoint Security | An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | local, low complexity, elastic, 7.8 |
| 2023-01-26 | CVE-2022-38775 | Unspecified vulnerability in Elastic Endpoint Security | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | local, low complexity, elastic, 7.8 |
| 2022-11-18 | CVE-2021-22141 | Open Redirect vulnerability in Elastic Kibana | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. | network, low complexity, elastic CWE-601, 6.1 |
| 2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | network, low complexity, elastic CWE-79, 5.4 |
| 2022-09-28 | CVE-2022-23716 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise | A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | network, low complexity, elastic CWE-532, 5.3 |
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana | A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | network, elastic CWE-79, 4.3 |
| 2022-07-06 | CVE-2022-23714 | Improper Privilege Management vulnerability in Elastic Endpoint Security | A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | local, low complexity, elastic CWE-269, 7.2 |
| 2022-06-06 | CVE-2022-23712 | Unspecified vulnerability in Elastic Elasticsearch | A Denial of Service flaw was discovered in Elasticsearch. | network, low complexity, elastic, 7.5 |
| 2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana | A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | network, low complexity, elastic, 5.0 |
| 2022-03-03 | CVE-2022-23708 | Improper Privilege Management vulnerability in Elastic Elasticsearch | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | network, low complexity, elastic CWE-269, 4.3 |