Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2019-7608 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
elastic CWE-79
4.3
2018-12-20 CVE-2018-17247 XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API.
network
elastic CWE-611
4.3
2018-12-20 CVE-2018-17246 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin.
network
low complexity
elastic redhat CWE-829
7.5
2018-12-20 CVE-2018-17245 Insufficiently Protected Credentials vulnerability in Elastic Kibana
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports.
network
low complexity
elastic CWE-522
5.0
2018-12-20 CVE-2018-17244 Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms.
network
low complexity
elastic CWE-200
4.0
2018-09-19 CVE-2018-3831 Information Exposure vulnerability in Elastic Elasticsearch
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API.
network
low complexity
elastic CWE-200
4.0
2018-09-19 CVE-2018-3830 Cross-site Scripting vulnerability in multiple products
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elastic redhat CWE-79
6.1
2018-09-19 CVE-2018-3829 Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token.
network
high complexity
elastic CWE-290
5.3
2018-09-19 CVE-2018-3828 Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability.
network
elastic CWE-532
3.5
2018-09-19 CVE-2018-3827 Credentials Management vulnerability in Elastic Azure Repository 6.0.0
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin.
network
elastic CWE-255
4.3