Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-23447 | Unspecified vulnerability in Elastic Network Drive Connector An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. | 6.5 |
| 2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | 6.5 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
| 2023-12-12 | CVE-2023-49922 | Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2 An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
| 2023-12-12 | CVE-2023-6687 | Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2 An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
| 2023-12-12 | CVE-2023-49923 | Information Exposure Through Log Files vulnerability in Elastic Enterprise Search An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. | 6.5 |
| 2023-12-05 | CVE-2023-46674 | Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. | 7.8 |
| 2023-11-22 | CVE-2023-46673 | Improper Handling of Exceptional Conditions vulnerability in Elastic Elasticsearch It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | 7.5 |
| 2023-11-22 | CVE-2021-22143 | Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. | 4.3 |
| 2023-11-22 | CVE-2021-37937 | Unspecified vulnerability in Elastic Elasticsearch An issue was found with how API keys are created with the Fleet-Server service account. | 8.8 |