Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic APP Search 7.11.0/7.11.1 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 7.5 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | 4.3 |
| 2021-02-10 | CVE-2021-22133 | Information Exposure Through Log Files vulnerability in Elastic APM Agent The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. | 2.4 |
| 2021-02-10 | CVE-2020-7021 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |
| 2021-01-14 | CVE-2021-22132 | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. | 6.1 |
| 2020-10-22 | CVE-2020-7020 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |
| 2020-08-18 | CVE-2020-7019 | Improper Privilege Management vulnerability in Elastic Elasticsearch In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. | 6.5 |
| 2020-08-18 | CVE-2020-7018 | Improper Privilege Management vulnerability in Elastic Enterprise Search Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. | 8.8 |
| 2020-06-03 | CVE-2020-7015 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. | 5.4 |