Vulnerabilities > Elastic > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-31419 | Out-of-bounds Write vulnerability in Elastic Elasticsearch A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | 7.5 |
| 2023-10-26 | CVE-2023-31421 | Improper Certificate Validation vulnerability in Elastic products It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. | 7.5 |
| 2023-10-26 | CVE-2023-31422 | Information Exposure Through Log Files vulnerability in Elastic Kibana 8.10.0 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. | 7.5 |
| 2023-10-26 | CVE-2023-46667 | Information Exposure Through Log Files vulnerability in Elastic Fleet Server 8.10.0/8.10.2 An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. | 8.1 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |
| 2023-02-08 | CVE-2022-38777 | Improper Privilege Management vulnerability in Elastic Endgame and Endpoint Security An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2023-01-26 | CVE-2022-38774 | Unspecified vulnerability in Elastic Endgame and Endpoint Security An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2023-01-26 | CVE-2022-38775 | Unspecified vulnerability in Elastic Endpoint Security An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |
| 2022-07-06 | CVE-2022-23714 | Unspecified vulnerability in Elastic Endpoint Security A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 7.8 |