Vulnerabilities > Elastic

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2024-06-13 | CVE-2024-37280 | Out-of-bounds Write vulnerability in Elastic Elasticsearch | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. | network, low complexity, elastic, CWE-787 | 4.9 |
| 2024-03-29 | CVE-2024-23449 | Unspecified vulnerability in Elastic Elasticsearch | An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. | network, low complexity, elastic | 5.3 |
| 2024-03-27 | CVE-2024-23451 | Incorrect Authorization vulnerability in Elastic Elasticsearch | Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. | network, low complexity, elastic, CWE-863 | 6.5 |
| 2024-03-27 | CVE-2024-23450 | Unspecified vulnerability in Elastic Elasticsearch | A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. | network, low complexity, elastic | 7.5 |
| 2024-02-07 | CVE-2024-23448 | Information Exposure Through Log Files vulnerability in Elastic APM Server | An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. | network, low complexity, elastic, CWE-532 | 7.5 |
| 2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana | An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | network, low complexity, elastic | 6.5 |
| 2024-02-07 | CVE-2024-23447 | Unspecified vulnerability in Elastic Network Drive Connector | An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. | network, low complexity, elastic | 6.5 |
| 2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana | An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | network, low complexity, elastic, CWE-532 | 6.5 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana | An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | network, low complexity, elastic, CWE-532 | 6.5 |
| 2023-12-12 | CVE-2023-49922 | Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2 | An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | network, low complexity, elastic, CWE-532 | 6.5 |