Vulnerabilities > Elastic > Elasticsearch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-22147 | Missing Authorization vulnerability in Elastic Elasticsearch Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. | 6.5 |
| 2021-07-26 | CVE-2021-22144 | Uncontrolled Recursion vulnerability in multiple products In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. | 6.5 |
| 2021-07-21 | CVE-2021-22145 | Information Exposure Through an Error Message vulnerability in multiple products A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. | 6.5 |
| 2021-07-21 | CVE-2021-22146 | Unspecified vulnerability in Elastic Elasticsearch 7.13.3 All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. | 7.5 |
| 2021-05-13 | CVE-2021-22135 | Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. | 5.3 |
| 2021-05-13 | CVE-2021-22137 | Improper Preservation of Permissions vulnerability in Elastic Elasticsearch In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. | 5.3 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | 4.3 |
| 2021-02-10 | CVE-2020-7021 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
| 2020-10-22 | CVE-2020-7020 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |