Vulnerabilities > Elastic

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-31419 Out-of-bounds Write vulnerability in Elastic Elasticsearch
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
network
low complexity
elastic CWE-787
7.5
2023-10-26 CVE-2023-46666 Unspecified vulnerability in Elastic Sharepoint Online Python Connector
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector.
network
low complexity
elastic
6.5
2023-10-26 CVE-2023-31421 Improper Certificate Validation vulnerability in Elastic products
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed.
network
low complexity
elastic CWE-295
7.5
2023-10-26 CVE-2023-31422 Information Exposure Through Log Files vulnerability in Elastic Kibana 8.10.0
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error.
network
low complexity
elastic CWE-532
7.5
2023-10-26 CVE-2023-46667 Information Exposure Through Log Files vulnerability in Elastic Fleet Server 8.10.0/8.10.2
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text.
network
low complexity
elastic CWE-532
8.1
2023-10-26 CVE-2023-46668 Information Exposure Through Log Files vulnerability in Elastic Endpoint 7.9.0/8.10.3
If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext.
network
low complexity
elastic CWE-532
critical
9.1
2023-05-04 CVE-2023-31413 Information Exposure Through Log Files vulnerability in Elastic Filebeat 8.6.2
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
local
low complexity
elastic CWE-532
3.3
2023-05-04 CVE-2023-31414 Code Injection vulnerability in Elastic Kibana
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw.
network
low complexity
elastic CWE-94
8.8
2023-05-04 CVE-2023-31415 Code Injection vulnerability in Elastic Kibana 8.7.0
Kibana version 8.7.0 contains an arbitrary code execution flaw.
network
low complexity
elastic CWE-94
8.8
2023-02-22 CVE-2022-38779 Open Redirect vulnerability in Elastic Kibana
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
network
low complexity
elastic CWE-601
6.1