Vulnerabilities > Elastic > Low

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-31413 Information Exposure Through Log Files vulnerability in Elastic Filebeat 8.6.2
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
local
low complexity
elastic CWE-532
3.3
2021-11-18 CVE-2021-37939 Cleartext Transmission of Sensitive Information vulnerability in Elastic Kibana
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view.
network
low complexity
elastic CWE-319
2.7
2021-05-13 CVE-2021-22138 Improper Certificate Validation vulnerability in Elastic Logstash
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature.
network
high complexity
elastic CWE-295
3.7
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
low complexity
elastic CWE-613
3.5
2021-02-10 CVE-2021-22133 Information Exposure Through Log Files vulnerability in Elastic APM Agent
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic.
low complexity
elastic CWE-532
2.4
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
high complexity
elastic CWE-269
3.1