Vulnerabilities > Elastic

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-16	CVE-2016-1000220	Cross-site Scripting vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. network low complexity elastic CWE-79	6.1
2017-06-16	CVE-2016-1000219	Improper Authorization vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. network low complexity elastic CWE-285	7.5
2017-06-16	CVE-2016-1000218	Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0 Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. network low complexity elastic CWE-352	8.8
2017-06-16	CVE-2015-9056	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8441	Information Exposure vulnerability in Elastic X-Pack Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. network low complexity elastic CWE-200	4.3
2017-06-05	CVE-2017-8440	Cross-site Scripting vulnerability in Elastic Kibana Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8439	Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8438	Improper Privilege Management vulnerability in Elastic X-Pack Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. network low complexity elastic CWE-269	8.8
2015-02-17	CVE-2015-1427	The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. network low complexity elastic redhat critical	9.8

Vulnerabilities > Elastic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Elastic"}]}

Vulnerabilities > Elastic