Vulnerabilities > Elastic > Elasticsearch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-22135 | Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. | 5.3 |
| 2021-05-13 | CVE-2021-22137 | Improper Preservation of Permissions vulnerability in Elastic Elasticsearch In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. | 5.3 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | 4.3 |
| 2021-02-10 | CVE-2020-7021 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
| 2020-10-22 | CVE-2020-7020 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |
| 2020-08-18 | CVE-2020-7019 | Improper Privilege Management vulnerability in Elastic Elasticsearch In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. | 6.5 |
| 2020-06-03 | CVE-2020-7014 | Improper Privilege Management vulnerability in Elastic Elasticsearch The fix for CVE-2020-7009 was found to be incomplete. | 8.8 |
| 2020-03-31 | CVE-2020-7009 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. | 8.8 |
| 2019-10-30 | CVE-2019-7619 | Unspecified vulnerability in Elastic Elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. | 5.3 |