Vulnerabilities > Elastic > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-7010 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Elastic Cloud on Kubernetes
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator.
network
low complexity
elastic CWE-335
7.5
2020-03-31 CVE-2020-7009 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys.
network
low complexity
elastic CWE-269
8.8
2019-10-30 CVE-2019-7620 Unspecified vulnerability in Elastic Logstash
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin.
network
low complexity
elastic
7.5
2019-08-22 CVE-2019-7617 Improper Input Validation vulnerability in Elastic APM Agent
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header.
network
low complexity
elastic CWE-20
7.2
2019-07-30 CVE-2019-7615 Improper Certificate Validation vulnerability in Elastic Apm-Agent-Ruby
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0.
network
high complexity
elastic CWE-295
7.4
2019-03-25 CVE-2019-7613 Unspecified vulnerability in Elastic Winlogbeat
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw.
network
low complexity
elastic
7.5
2019-03-25 CVE-2019-7611 Unspecified vulnerability in Elastic Elasticsearch
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used.
network
high complexity
elastic
8.1
2018-09-19 CVE-2018-3831 Information Exposure vulnerability in Elastic Elasticsearch
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API.
network
low complexity
elastic CWE-200
8.8
2018-09-19 CVE-2018-3828 Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability.
network
high complexity
elastic CWE-532
7.5
2018-09-19 CVE-2018-3827 Information Exposure Through Log Files vulnerability in Elastic Azure Repository
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin.
network
high complexity
elastic CWE-532
8.1