Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2020-10743 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-05-13 | CVE-2021-22135 | Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. | 5.3 |
| 2021-05-13 | CVE-2021-22136 | Insufficient Session Expiration vulnerability in Elastic Kibana In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. | 3.5 |
| 2021-05-13 | CVE-2021-22137 | Improper Preservation of Permissions vulnerability in Elastic Elasticsearch In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. | 5.3 |
| 2021-05-13 | CVE-2021-22138 | Improper Certificate Validation vulnerability in Elastic Logstash In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. | 3.7 |
| 2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 6.5 |
| 2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic APP Search 7.11.0/7.11.1 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 7.5 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | 4.3 |
| 2021-02-10 | CVE-2021-22133 | Information Exposure Through Log Files vulnerability in Elastic APM Agent The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. | 2.4 |
| 2021-02-10 | CVE-2020-7021 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |