Vulnerabilities > Elastic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-7015 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. | 3.5 |
| 2020-06-03 | CVE-2020-7014 | Improper Privilege Management vulnerability in Elastic Elasticsearch The fix for CVE-2020-7009 was found to be incomplete. | 6.5 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 6.5 |
| 2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | 6.5 |
| 2020-06-03 | CVE-2020-7011 | Cross-site Scripting vulnerability in Elastic APP Search Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. | 4.3 |
| 2020-06-03 | CVE-2020-7010 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. | 7.5 |
| 2020-03-31 | CVE-2020-7009 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. | 6.5 |
| 2019-12-18 | CVE-2019-7621 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. | 3.5 |
| 2019-10-30 | CVE-2019-7620 | Unspecified vulnerability in Elastic Logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. | 5.0 |
| 2019-10-30 | CVE-2019-7619 | Unspecified vulnerability in Elastic Elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. | 5.0 |