Vulnerabilities > Elastic > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2021-22142 | Unspecified vulnerability in Elastic Kibana Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. | 8.8 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-10-26 | CVE-2023-31418 | Resource Exhaustion vulnerability in Elastic Elasticsearch An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. | 7.5 |
| 2023-10-26 | CVE-2023-31419 | Out-of-bounds Write vulnerability in Elastic Elasticsearch A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | 7.5 |
| 2023-10-26 | CVE-2023-31421 | Improper Certificate Validation vulnerability in Elastic products It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. | 7.5 |
| 2023-10-26 | CVE-2023-31422 | Information Exposure Through Log Files vulnerability in Elastic Kibana 8.10.0 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. | 7.5 |
| 2023-10-26 | CVE-2023-46667 | Information Exposure Through Log Files vulnerability in Elastic Fleet Server 8.10.0/8.10.2 An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. | 8.1 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |
| 2023-02-08 | CVE-2022-38777 | Improper Privilege Management vulnerability in Elastic Endgame and Endpoint Security An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |