Vulnerabilities > Elastic > Elasticsearch > 6.4.0

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-17244 Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms.
network
low complexity
elastic CWE-200
6.5
6.5
2018-09-19 CVE-2018-3831 Information Exposure vulnerability in Elastic Elasticsearch
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API.
network
low complexity
elastic CWE-200
8.8
8.8