Vulnerabilities > Elastic > Elasticsearch > 7.9.0

DATE CVE VULNERABILITY TITLE RISK
2021-02-10 CVE-2020-7021 Information Exposure Through Log Files vulnerability in Elastic Elasticsearch
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled.
network
low complexity
elastic CWE-532
4.9
4.9
2021-01-14 CVE-2021-22132 Insufficiently Protected Credentials vulnerability in multiple products
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API.
network
high complexity
elastic oracle CWE-522
4.8
4.8
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
high complexity
elastic CWE-269
3.1
3.1