Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-23716 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 5.3 |
| 2022-08-25 | CVE-2022-23715 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. | 6.5 |
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
| 2022-07-06 | CVE-2022-23714 | Unspecified vulnerability in Elastic Endpoint Security A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2022-06-06 | CVE-2022-23712 | Unspecified vulnerability in Elastic Elasticsearch A Denial of Service flaw was discovered in Elasticsearch. | 7.5 |
| 2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | 5.3 |
| 2022-03-03 | CVE-2022-23708 | Unspecified vulnerability in Elastic Elasticsearch A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | 4.3 |
| 2022-03-03 | CVE-2022-23709 | Missing Authorization vulnerability in Elastic Kibana A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. | 4.3 |
| 2022-03-03 | CVE-2022-23710 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
| 2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. | 5.4 |