Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-6687 | Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2 An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
| 2023-12-12 | CVE-2023-49923 | Information Exposure Through Log Files vulnerability in Elastic Enterprise Search An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. | 6.5 |
| 2023-12-05 | CVE-2023-46674 | Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. | 7.8 |
| 2023-11-22 | CVE-2023-46673 | Improper Handling of Exceptional Conditions vulnerability in Elastic Elasticsearch It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | 7.5 |
| 2023-11-22 | CVE-2021-22143 | Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. | 4.3 |
| 2023-11-22 | CVE-2021-37937 | Unspecified vulnerability in Elastic Elasticsearch An issue was found with how API keys are created with the Fleet-Server service account. | 8.8 |
| 2023-11-22 | CVE-2021-37942 | Unspecified vulnerability in Elastic APM Java Agent A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. | 7.8 |
| 2023-11-22 | CVE-2021-22142 | Unspecified vulnerability in Elastic Kibana Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. | 8.8 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |