Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2021-22143 Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error.
network
low complexity
elastic CWE-532
4.3
2023-11-22 CVE-2021-37937 Unspecified vulnerability in Elastic Elasticsearch
An issue was found with how API keys are created with the Fleet-Server service account.
network
low complexity
elastic
8.8
2023-11-22 CVE-2021-37942 Unspecified vulnerability in Elastic APM Java Agent
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent.
local
low complexity
elastic
7.8
2023-11-22 CVE-2021-22142 Unspecified vulnerability in Elastic Kibana
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports.
network
low complexity
elastic
8.8
2023-11-22 CVE-2021-22150 Code Injection vulnerability in Elastic Kibana
It was discovered that a user with Fleet admin permissions could upload a malicious package.
network
low complexity
elastic CWE-94
7.2
2023-11-22 CVE-2021-22151 Path Traversal vulnerability in Elastic Kibana
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files.
network
low complexity
elastic CWE-22
4.3
2023-11-15 CVE-2023-46672 Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are:
* Logstash is configured to log in JSON format (https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html), which is not the default logging format.
* Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.
local
low complexity
elastic CWE-532
5.5
2023-10-26 CVE-2023-31416 Unspecified vulnerability in Elastic APM Server and Elastic Cloud on Kubernetes
Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0.
network
low complexity
elastic
5.3
2023-10-26 CVE-2023-31417 Information Exposure Through Log Files vulnerability in Elastic Elasticsearch
Elasticsearch generally filters out sensitive information and credentials before logging to the audit log.
local
low complexity
elastic CWE-532
4.4
2023-10-26 CVE-2023-31418 Resource Exhaustion vulnerability in Elastic Elasticsearch
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer.
network
low complexity
elastic CWE-400
7.5