Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-19	CVE-2018-3826	Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. network low complexity elastic CWE-311	4.0
2018-09-19	CVE-2018-3825	Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. network elastic CWE-1188	4.3
2018-09-19	CVE-2018-3824	Cross-site Scripting vulnerability in Elastic products X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. network elastic CWE-79	4.3
2018-09-19	CVE-2018-3823	Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. network low complexity elastic CWE-79	5.4
2018-03-30	CVE-2018-3822	Path Traversal vulnerability in Elastic X-Pack 6.2.0/6.2.1/6.2.2 X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. network low complexity elastic CWE-22 critical	9.8
2018-03-30	CVE-2018-3821	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3820	Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3819	Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. network elastic CWE-601	5.8
2018-03-30	CVE-2018-3818	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network elastic CWE-79	4.3
2018-03-30	CVE-2018-3817	Information Exposure vulnerability in Elastic Logstash When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. network low complexity elastic CWE-200	4.0

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}

Vulnerabilities > Elastic