Vulnerabilities > Elastic > Elasticsearch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-10 | CVE-2020-7021 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
| 2020-08-18 | CVE-2020-7019 | Improper Privilege Management vulnerability in Elastic Elasticsearch In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. | 6.5 |
| 2019-10-30 | CVE-2019-7619 | Unspecified vulnerability in Elastic Elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. | 5.3 |
| 2019-07-30 | CVE-2019-7614 | Race Condition vulnerability in Elastic Elasticsearch A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. | 5.9 |
| 2018-12-20 | CVE-2018-17247 | XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1 Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. | 5.9 |
| 2018-12-20 | CVE-2018-17244 | Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2 Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. | 6.5 |
| 2018-09-19 | CVE-2018-3826 | Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. | 6.5 |