Vulnerabilities > Elastic > Elasticsearch > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-7014 | Improper Privilege Management vulnerability in Elastic Elasticsearch The fix for CVE-2020-7009 was found to be incomplete. | 8.8 |
| 2020-03-31 | CVE-2020-7009 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. | 8.8 |
| 2019-03-25 | CVE-2019-7611 | Unspecified vulnerability in Elastic Elasticsearch A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . | 8.1 |
| 2018-09-19 | CVE-2018-3831 | Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. | 8.8 |