Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2021-37942 | Unspecified vulnerability in Elastic APM Java Agent A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. | 7.8 |
| 2023-11-22 | CVE-2021-22142 | Unspecified vulnerability in Elastic Kibana Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. | 8.8 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2023-11-15 | CVE-2023-46672 | Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | 5.5 |
| 2023-10-26 | CVE-2023-31416 | Unspecified vulnerability in Elastic Cloud on Kubernetes 1.1.0 Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. | 5.3 |
| 2023-10-26 | CVE-2023-31417 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. | 4.4 |
| 2023-10-26 | CVE-2023-31418 | Resource Exhaustion vulnerability in Elastic Elasticsearch An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. | 7.5 |
| 2023-10-26 | CVE-2023-31419 | Out-of-bounds Write vulnerability in Elastic Elasticsearch A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | 7.5 |
| 2023-10-26 | CVE-2023-46666 | Unspecified vulnerability in Elastic Sharepoint Online Python Connector An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. | 6.5 |