Vulnerabilities > Elastic > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-04 | CVE-2023-31413 | Information Exposure Through Log Files vulnerability in Elastic Filebeat 8.6.2 Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | 3.3 |
2021-11-18 | CVE-2021-37939 | Cleartext Transmission of Sensitive Information vulnerability in Elastic Kibana It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. | 2.7 |
2021-05-13 | CVE-2021-22138 | Improper Certificate Validation vulnerability in Elastic Logstash In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. | 3.7 |
2021-05-13 | CVE-2021-22136 | Insufficient Session Expiration vulnerability in Elastic Kibana In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. | 3.5 |
2021-02-10 | CVE-2021-22133 | Information Exposure Through Log Files vulnerability in Elastic APM Agent The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. | 2.4 |
2020-10-22 | CVE-2020-7020 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |